Firewalld: run to permantent commands throws error "NOT ENABLED:ens32"

I am trying to add an IP address as a source in the trusted zone. But when I try to make it permanent by going to Options -> Runtime to Permanent it gives the error “NOT_ENABLED: ens32”.

How can I make my rules permanent?

Does this network device exist, and is it enabled?

I think so.

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    altname enp2s0

Even firewalld GUI shows ens32 it under “Connections”.


❯ sudo firewall-cmd --get-active-zones
  interfaces: ens32

So it looks like ens32 pretty much exists and is enabled.

I also same thing happens when I try to do this from terminal:

❯ sudo firewall-cmd --zone=trusted --add-source=

❯ sudo firewall-cmd --runtime-to-permanent
Warning: NOT_ENABLED: ens32

The rules are not becoming permanent. I had to add the rules every time I start my computer.


sudo firewall-cmd --zone=trusted --change-interface=ens32

sudo firewall-cmd --zone=trusted --add-source=

sudo firewall-cmd --runtime-to-permanent

1 Like

This worked, although I changed the zone back to public after I am done.

This also worked:

sudo firewall-cmd --zone=trusted --add-source= --permanent

As in adding the rule permanent from the get go rather than trying to make it permanent later.

A firewalld cheat sheet


1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.