SLES15 default iptables rule causing an issue

The rule below in iptables is causing slptool to fail to detect the services of other hosts.
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
I deleted it using the command below
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
and SLP started working with the firewall enabled.
However, when I reload firewalld, it goes back to the original rule (REJECT).
How can I delete this rule permanently so that even after reloading the firewall it does not go back to the default?

@vishal Look at using the YaST firewall config to make changes. I don't have a SLES 12 SP5 setup, but you need to save the runtime setting to permanent, e.g. firewall-cmd --runtime-to-permanent.

@malcolmlewis: The OS is SLES15.
I tried running firewall-cmd --runtime-to-permanent, but it again goes back to the default when firewalld is reloaded.

@malcolmlewis: I even tried to update the firewalld.service unit file by adding a script like the one below, but even with this, after a firewalld reload it goes back to the default.
sles15:~ # cat /usr/lib/systemd/system/firewalld.service
Description=firewalld - dynamic firewall daemon
Conflicts=iptables.service ip6tables.service ebtables.service ipset.service

ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS
ExecReload=/bin/kill -HUP $MAINPID

# suppress logging of debug and error output also to /var/log/messages

sles15:~ #

sles15:~ # cat /root/
#!/bin/sh
# Record when the rules were removed, then delete firewalld's final REJECT
# rule from INPUT and FORWARD (-w 5: wait up to 5 s for the xtables lock).
echo "$(date) Remove rules" > /tmp/remove-icmp.log

iptables -w 5 -D INPUT -j REJECT --reject-with icmp-host-prohibited >> /tmp/remove-icmp.log 2>&1
[ $? -ne 0 ] && echo "Failed" >> /tmp/remove-icmp.log
iptables -w 5 -D FORWARD -j REJECT --reject-with icmp-host-prohibited >> /tmp/remove-icmp.log 2>&1
[ $? -ne 0 ] && echo "Failed" >> /tmp/remove-icmp.log

echo "$(date)" >> /tmp/remove-icmp.log
exit 0

@vishal Hi, AFAIK all you should have to do is run firewall-cmd with your rule; once you have confirmed all is OK, make the switch from runtime to permanent. It should not be necessary to use any scripts or file tweaks.

@malcolmlewis: At first I tried just that: after making the rule change I ran firewall-cmd --runtime-to-permanent,
but if I reload the firewall or reboot the machine it switches back to the default.

@vishal Hi, I suggest a read of the following; perhaps the zone needs to be selected as well…