SUSE Support

Here When You Need Us

🚀 Knowledge Base Beta
Preview our redesigned Knowledge Base. Click here to try it and give us your feedback! Your input helps us improve

After update to 15 SP6 or SP7, firewalld causes high CPU utilization and ERROR: dbus.proxies:Introspect

This document (000021911) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15 SP7
SUSE Linus Enterprise Server 15 SP6

Situation

Updating SLES 15 to 15 SP6 or SP7 may, in rare cases, cause firewalld operations to trigger high CPU utilization.  Such operations may also generate errors such as:
 
ERROR: dbus.proxies:Introspect error on :1.350:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
 
These errors might occur when restarting firewalld or when adding many interfaces to a zone.  Or even when adding only one interface, it might take 50 seconds or more to accomplish.
 
The problem may be more likely to occur when a large number of tunnels have been created.

Resolution

For now, the firewalld packages must be rolled back to an older version.  The problem comes from firewalld 2.0.x.  SUSE support can provide a set of packages to take firewalld back to v 1.3.4, specially compiled for 15 SP6 and SP7.

Please open a case with SUSE support and reference bugzilla 1231351.

 https://bugzilla.suse.com/show_bug.cgi?id=1231351

(Note, that bugzilla entry is not visible to the general public.)

Cause

In firewalld 2.x, within fw_zone.py function:
_interface_or_source_update_policies_derived_from_zone

Potentially 100x more rules are created when adding interfaces, as compared to firewalld 1.x versions.
 
This change came from the upstream firewalld project. SUSE developers are working with the project owners to optimize the rules generation code, but it may take considerable time.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021911
  • Creation Date: 09-Jul-2025
  • Modified Date:09-Jul-2025
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center