For firewalld-0.4.X it is needed to allow the creation of /run/firewalld by
firewalld and to read temporary files in this directory by the iptables tools.
Also using /var/log/firewalld.log is needed for the debug mode.

In this directory there is the file firewalld-0.4.te, that is the policy module
definition file. You can create a policy module with the following steps:


To generate firewalld-0.4.mod from firewalld-0.4.te:

  checkmodule -M -m firewalld-0.4.te -o firewalld-0.4.mod

To generate firewalld-0.4.pp from firewalld-0.4.mod:

  semodule_package -m firewalld-0.4.mod -o firewalld-0.4.pp


With semodule it is possible to load and also remove the policy module:

To load the package into SELinux:

  semodule -i firewalld-0.4.pp

To remove the package from SELinux again:

  semodule -r firewalld-0.4

For a list of all loaded SELinux modules:

  semodule -l