For firewalld-0.4.4 it is needed to allow the search and read of the netfilter conntrack helpers to see if they are usable iespecially if automatic helper assignment is turned off. There is no other way to get the list of supported and usable netfilter helpers than searching for nf_conntrack_*.ko* kernel modules and using modinfo on the modules to get the helpers they provide. In this directory there is the file firewalld-0.4.4.te, that is a policy module definition file for SELinux. You can create a policy module with the following steps: To generate firewalld-0.4.4.mod from firewalld-0.4.4.te: checkmodule -M -m firewalld-0.4.4.te -o firewalld-0.4.4.mod To generate firewalld-0.4.4.pp from firewalld-0.4.4.mod: semodule_package -m firewalld-0.4.4.mod -o firewalld-0.4.4.pp With semodule it is possible to load and also remove the policy module: To load the package into SELinux: semodule -i firewalld-0.4.4.pp To remove the package from SELinux again: semodule -r firewalld-0.4.4 For a list of all loaded SELinux modules: semodule -l