Apply the firewalld configuration directly into the running one.

library/network/src/lib/y2firewall/firewalld.rb

@@ -67,7 +67,8 @@ class Firewalld
     PACKAGE = "firewalld".freeze
     SERVICE = "firewalld".freeze
 
-    def_delegators :@api, :enable!, :disable!, :reload, :running?
+    def_delegators :@api, :complete_reload, :enable!, :disable!,
+      :reload, :running?, :runtime_to_permanent
 
     # Constructor
     def initialize
@@ -136,7 +137,7 @@ def modified?
 
     # Apply the changes to the modified zones and sets the logging option
     def write
-      write_only && reload
+      write_only && runtime_to_permanent
     end
 
     # Apply the changes to the modified zones and sets the logging option

library/network/src/lib/y2firewall/firewalld/api.rb

@@ -58,7 +58,7 @@ class Api
       attr_accessor :mode
 
       # Constructor
-      def initialize(mode: nil, permanent: true)
+      def initialize(mode: nil, permanent: false)
         @mode =
           if mode == :running || running?
             :running
@@ -148,6 +148,15 @@ def complete_reload
         run_command("--complete-reload")
       end
 
+      # Turn the running configuration permanent. In offline mode it just
+      # return true as it is already permanent.
+      #
+      # @return [Boolean] The firewalld complete-reload result (exit code)
+      def runtime_to_permanent
+        return true if offline?
+        run_command("--runtime-to-permanent")
+      end
+
       ### Logging ###
 
       # @param kind [String] Denied packets to log. Possible values are:
@@ -189,7 +198,7 @@ def command
       # which do not cause an exception.
       # command to be executed
       def run_command(*args, permanent: false, allowed_exitstatus: nil)
-        arguments = permanent ? ["--permanent"] : []
+        arguments = !offline? && permanent ? ["--permanent"] : []
         arguments.concat(args)
         log.info("Executing #{command} with #{arguments.inspect}")
 

library/network/src/lib/y2firewall/firewalld/api/services.rb

@@ -29,10 +29,8 @@ class Api
       # definition and configuration.
       module Services
         # @param service [String] The firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
-        def new_service(service, permanent: permanent?)
-          query_command("--new-service=#{service}", permanent: permanent)
+        def new_service(service)
+          query_command("--new-service=#{service}", permanent: true)
         end
 
         # @return [Array<String>] List of firewall services
@@ -41,28 +39,22 @@ def services
         end
 
         # @param service [String] The firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
         # @return [Array<String>] list of all information for the given service
-        def info_service(service, permanent: permanent?)
-          string_command("--info-service", service.to_s, permanent: permanent).split("\n")
+        def info_service(service)
+          string_command("--info-service", service.to_s, permanent: true).split("\n")
         end
 
         # @param service [String] The firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
         # @return [String] Short description for service
-        def service_short(service, permanent: permanent?)
+        def service_short(service)
           # these may not exist on early firewalld releases
-          string_command("--service=#{service}", "--get-short", permanent: permanent)
+          string_command("--service=#{service}", "--get-short", permanent: true)
         end
 
         # @param service [String] the firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
         # @return [String] Description for service
-        def service_description(service, permanent: permanent?)
-          string_command("--service=#{service}", "--get-description", permanent: permanent)
+        def service_description(service)
+          string_command("--service=#{service}", "--get-description", permanent: true)
         end
 
         # @param service [String] The firewall service
@@ -72,27 +64,21 @@ def service_supported?(service)
         end
 
         # @param service [String] The firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
         # @return [Array<String>] The firewall service ports
-        def service_ports(service, permanent: permanent?)
-          string_command("--service=#{service}", "--get-ports", permanent: permanent).split(" ")
+        def service_ports(service)
+          string_command("--service=#{service}", "--get-ports", permanent: true).split(" ")
         end
 
         # @param service [String] The firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
         # @return [Array<String>] The firewall service protocols
-        def service_protocols(service, permanent: permanent?)
-          string_command("--service=#{service}", "--get-protocols", permanent: permanent).split(" ")
+        def service_protocols(service)
+          string_command("--service=#{service}", "--get-protocols", permanent: true).split(" ")
         end
 
         # @param service [String] The firewall service
-        # @param permanent [Boolean] if true it adds the --permanent option the
-        # command to be executed
         # @return [Array<String>] The firewall service modules
-        def service_modules(service, permanent: permanent?)
-          string_command("--service=#{service}", "--get-modules", permanent: permanent).split(" ")
+        def service_modules(service)
+          string_command("--service=#{service}", "--get-modules", permanent: true).split(" ")
         end
 
         # @param service [String] The firewall service