I think the following is a "bug" even if it is just minor.  This is on F32.

[root@meimei ~]# firewall-cmd --get-active-zone
libvirt
  interfaces: virbr0
public
  interfaces: wlp4s0 enp2s0

The following seems correct for enp2s0.

[egreshko@meimei ~]$ firewall-cmd --get-zone-of-interface=enp2s0
public

[root@meimei ~]# firewall-cmd --query-interface=enp2s0
yes

But then for virbr0

[root@meimei ~]# firewall-cmd --get-zone-of-interface=virbr0
libvirt

Seems fine, yet this is "no"

[root@meimei ~]# firewall-cmd --query-interface=virbr0
no

but

[root@meimei ~]# firewall-cmd --zone=libvirt --query-interface=virbr0
yes

To make matters more confusing to me.

[root@meimei ~]# firewall-cmd --list-interfaces
wlp4s0 enp2s0


Why isn't virbr0 listed when --get-active-zone shows that as an interface?



--
The key to getting good answers is to ask good questions.