diff --git a/README b/README index 7c00c30..1205435 100644 --- a/README +++ b/README @@ -58,7 +58,7 @@ For use with Python 2: To be able to create man pages and documentation from docbook files: docbook-style-xsl - libxslt + Use the usual autoconf/automake incantation to generate makefiles diff --git a/config/firewalld.conf b/config/firewalld.conf index f791b23..532f045 100644 --- a/config/firewalld.conf +++ b/config/firewalld.conf @@ -71,5 +71,5 @@ RFC3964_IPv4=yes # Note: If "yes" packets will only drift from source based zones to interface # based zones (including the default zone). Packets never drift from interface # based zones to other interfaces based zones (including the default zone). -# Possible values; "yes", "no". Defaults to "yes". -AllowZoneDrifting=yes +# Possible values; "yes", "no". Defaults to "no". +AllowZoneDrifting=no diff --git a/config/firewalld.service.in b/config/firewalld.service.in index afbe0ac..b757a08 100644 --- a/config/firewalld.service.in +++ b/config/firewalld.service.in @@ -4,7 +4,7 @@ Before=network-pre.target Wants=network-pre.target After=dbus.service After=polkit.service -Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service +Conflicts=iptables.service ip6tables.service ebtables.service ipset.service Documentation=man:firewalld(1) [Service] diff --git a/config/services/freeipa-trust.xml b/config/services/freeipa-trust.xml index 315f69c..100cab6 100644 --- a/config/services/freeipa-trust.xml +++ b/config/services/freeipa-trust.xml @@ -9,6 +9,6 @@ - + diff --git a/config/services/ipsec.xml b/config/services/ipsec.xml index 824f1f3..9e70acb 100644 --- a/config/services/ipsec.xml +++ b/config/services/ipsec.xml 
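Review bot: With `nftables.service` dropped from the `Conflicts=` line in `config/firewalld.service.in`, systemd no longer stops that unit when firewalld starts, so both can load rules into nftables at the same time. `FALLBACK_FIREWALL_BACKEND` elsewhere in this diff is still `"nftables"`, and a packaged nftables unit that loads a ruleset beginning with a flush would presumably remove firewalld's table without firewalld noticing. If the removal is intended, a comment above the line stating why the two units may coexist would help the next reader; otherwise keep `nftables.service` in the list.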
@@ -1,10 +1,9 @@ IPsec - Internet Protocol Security (IPsec) is the standarized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practise. + Internet Protocol Security (IPsec) incorporates security for network transmissions directly into the Internet Protocol (IP). IPsec provides methods for both encrypting data and authentication for the host or network it sends to. If you plan to use a vpnc server or FreeS/WAN, do not disable this option. - diff --git a/config/zones/home.xml b/config/zones/home.xml index 8aa8afa..42b29b2 100644 --- a/config/zones/home.xml +++ b/config/zones/home.xml @@ -6,5 +6,4 @@ - diff --git a/config/zones/internal.xml b/config/zones/internal.xml index 40cb7e1..e646b48 100644 --- a/config/zones/internal.xml +++ b/config/zones/internal.xml @@ -6,5 +6,4 @@ - diff --git a/config/zones/public.xml b/config/zones/public.xml index 617e131..49795d8 100644 --- a/config/zones/public.xml +++ b/config/zones/public.xml @@ -4,5 +4,4 @@ For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - diff --git a/config/zones/work.xml b/config/zones/work.xml index 9609ee6..6ea5550 100644 --- a/config/zones/work.xml +++ b/config/zones/work.xml @@ -4,5 +4,4 @@ For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. - 
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml index c21ef87..fcfbfd2 100644 --- a/doc/xml/firewalld.conf.xml +++ b/doc/xml/firewalld.conf.xml @@ -197,7 +197,7 @@ to interface based zones (including the default zone). Packets never drift from interface based zones to other interfaces based zones (including the default zone). - Valid values; "yes", "no". Defaults to "yes". + Valid values; "yes", "no". Defaults to "no". diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml index 1625b9d..5d77af9 100644 --- a/doc/xml/firewalld.dbus.xml +++ b/doc/xml/firewalld.dbus.xml @@ -274,7 +274,7 @@ - getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b) + getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)) Return runtime settings of given zone. @@ -2338,7 +2338,7 @@ - addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → o + addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → o Add zone with given settings into permanent configuration. @@ -2591,7 +2591,7 @@ to interface based zones (including the default zone). Packets never drift from interface based zones to other interfaces based zones (including the default zone). - Valid values; "yes", "no". Defaults to "yes". + Valid values; "yes", "no". Defaults to "no". @@ -3810,7 +3810,7 @@ - getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b) + getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)) Return permanent settings of given zone. @@ -4309,7 +4309,7 @@ - update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing + update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing Update settings of zone to settings. diff --git a/doc/xml/firewalld.direct.xml b/doc/xml/firewalld.direct.xml index d65b66f..de7b597 100644 --- a/doc/xml/firewalld.direct.xml +++ b/doc/xml/firewalld.direct.xml 
@@ -273,16 +273,16 @@ Example - Denylisting of the networks 192.168.1.0/24 and 192.168.5.0/24 with logging and dropping early in the raw table: + Blacklisting of the networks 192.168.1.0/24 and 192.168.5.0/24 with logging and dropping early in the raw table: <?xml version="1.0" encoding="utf-8"?> <direct> - <chain ipv="ipv4" table="raw" chain="denylist"/> - <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.0/24 -j denylist</rule> - <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="1">-s 192.168.5.0/24 -j denylist</rule> - <rule ipv="ipv4" table="raw" chain="denylist" priority="0">-m limit --limit 1/min -j LOG --log-prefix "denylisted: "</rule> - <rule ipv="ipv4" table="raw" chain="denylist" priority="1">-j DROP</rule> + <chain ipv="ipv4" table="raw" chain="blacklist"/> + <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.0/24 -j blacklist</rule> + <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="1">-s 192.168.5.0/24 -j blacklist</rule> + <rule ipv="ipv4" table="raw" chain="blacklist" priority="0">-m limit --limit 1/min -j LOG --log-prefix "blacklisted: "</rule> + <rule ipv="ipv4" table="raw" chain="blacklist" priority="1">-j DROP</rule> </direct> diff --git a/src/firewall-cmd.in b/src/firewall-cmd.in index b6c2f84..317da5e 100755 --- a/src/firewall-cmd.in +++ b/src/firewall-cmd.in @@ -962,9 +962,6 @@ if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") -if a.zone and a.direct: - cmd.fail(parser.format_usage() + "--zone is an invalid option with --direct") - if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file): 
@@ -1074,9 +1071,6 @@ if a.permanent: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") - if a.type=='hash:mac' and a.family: - cmd.fail(parser.format_usage()+ "--family is not compatible with the hash:mac type") - settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: diff --git a/src/firewall-config.glade b/src/firewall-config.glade index 6c057f6..689433c 100644 --- a/src/firewall-config.glade +++ b/src/firewall-config.glade @@ -9761,7 +9761,7 @@ False start - For host or network allow or denylisting deactivate the element. + For host or network white or blacklisting deactivate the element. True 0 0 diff --git a/src/firewall-offline-cmd.in b/src/firewall-offline-cmd.in index 98c0054..98ca3e8 100755 --- a/src/firewall-offline-cmd.in +++ b/src/firewall-offline-cmd.in @@ -168,9 +168,9 @@ IPSet Options --ipset= --get-entries List entries of an ipset --ipset= --add-entries-from-file= - Add a new entries to an ipset + Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= - Remove entries from an ipset + Remove entries from an ipset [P] IcmpType Options --new-icmptype= @@ -1577,9 +1577,6 @@ try: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") - if a.type=='hash:mac' and a.family: - cmd.fail(parser.format_usage() + "--family is not compatible with the hash:mac type") - settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: diff --git a/src/firewall/client.py b/src/firewall/client.py index ea27c01..efe5d7d 100644 --- a/src/firewall/client.py +++ b/src/firewall/client.py 
@@ -2488,9 +2488,7 @@ class FirewallClientConfig(object): elif type(settings) is dict: path = self.fw_config.addService2(name, settings) else: - # tuple based dbus API has 8 elements. Slice what we're given down - # to the expected size. - path = self.fw_config.addService(name, tuple(settings[:8])) + path = self.fw_config.addService(name, tuple(settings)) return FirewallClientConfigService(self.bus, path) # icmptype diff --git a/src/firewall/command.py b/src/firewall/command.py index 8dee63b..c371dc2 100644 --- a/src/firewall/command.py +++ b/src/firewall/command.py @@ -428,7 +428,7 @@ class FirewallCommand(object): for port in ports])) self.print_msg(" protocols: " + " ".join(sorted(protocols))) self.print_msg(" masquerade: %s" % ("yes" if masquerade else "no")) - self.print_msg(" forward-ports: " + ("\n\t" if forward_ports else "") + + self.print_msg(" forward-ports: " + "\n\t".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \ (port, proto, toport, toaddr) for (port, proto, toport, toaddr) in \ @@ -437,8 +437,8 @@ class FirewallCommand(object): " ".join(["%s/%s" % (port[0], port[1]) for port in source_ports])) self.print_msg(" icmp-blocks: " + " ".join(icmp_blocks)) - self.print_msg(" rich rules: " + ("\n\t" if rules else "") + - "\n\t".join(sorted(rules, key=rich_rule_sorted_key))) + self.print_msg(" rich rules: \n\t" + "\n\t".join( + sorted(rules, key=rich_rule_sorted_key))) def print_service_info(self, service, settings): ports = settings.getPorts() diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in index 645c76b..481eb8d 100644 --- a/src/firewall/config/__init__.py.in +++ b/src/firewall/config/__init__.py.in @@ -130,4 +130,4 @@ FALLBACK_AUTOMATIC_HELPERS = "no" FALLBACK_FIREWALL_BACKEND = "nftables" FALLBACK_FLUSH_ALL_ON_RELOAD = True FALLBACK_RFC3964_IPV4 = True -FALLBACK_ALLOW_ZONE_DRIFTING = True +FALLBACK_ALLOW_ZONE_DRIFTING = False 
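Review bot: `tuple(settings)` in the `else` branch of `src/firewall/client.py` now forwards whatever length the caller supplies, while the comment this commit removes states that the tuple-based D-Bus `addService` takes 8 elements. A settings tuple carrying extra trailing fields would presumably be rejected by the D-Bus layer on signature mismatch instead of being trimmed. Unless every caller is known to pass exactly 8 elements, keep the bound: `path = self.fw_config.addService(name, tuple(settings[:8]))`. The enclosing method starts above the hunk.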
diff --git a/src/firewall/core/fw_config.py b/src/firewall/core/fw_config.py index 35f623f..8f29f0c 100644 --- a/src/firewall/core/fw_config.py +++ b/src/firewall/core/fw_config.py @@ -566,6 +566,7 @@ class FirewallConfig(object): if obj.builtin: x = copy.copy(obj) + x.cleanup() x.import_config(conf_dict) x.path = config.ETC_FIREWALLD_SERVICES x.builtin = False @@ -575,6 +576,7 @@ class FirewallConfig(object): service_writer(x) return x else: + obj.cleanup() obj.import_config(conf_dict) service_writer(obj) return obj diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py index 90b24c6..68f016b 100644 --- a/src/firewall/core/fw_ipset.py +++ b/src/firewall/core/fw_ipset.py @@ -117,11 +117,6 @@ class FirewallIPSet(object): # no entries visible for ipsets with timeout continue - try: - backend.set_flush(obj.name) - except Exception as msg: - raise FirewallError(errors.COMMAND_FAILED, msg) - for entry in obj.entries: try: backend.set_add(obj.name, entry) diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py index b9fe1f6..59c9401 100644 --- a/src/firewall/core/fw_zone.py +++ b/src/firewall/core/fw_zone.py @@ -188,7 +188,7 @@ class FirewallZone(object): if splits[1] not in self.get_zones(): return None if len(splits) == 2 or \ - (len(splits) == 3 and splits[2] in [ "pre", "log", "deny", "allow", "post" ]): + (len(splits) == 3 and splits[2] in [ "log", "deny", "allow" ]): return (splits[1], _chain) return None @@ -200,12 +200,14 @@ class FirewallZone(object): x = self.zone_from_chain(chain) if x is not None: (_zone, _chain) = x + if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction - self.gen_chain_rules(_zone, True, table, _chain, transaction) + self.gen_chain_rules(_zone, True, [(table, _chain)], + transaction) if use_transaction is None: transaction.execute(True) 
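Review bot: `x.cleanup()` in `src/firewall/core/fw_config.py` runs on `x = copy.copy(obj)`, which is a shallow copy, so every list or dict attribute of `x` is still the same object as on the builtin `obj`. If `cleanup()` empties those containers in place instead of rebinding them, the builtin definition is wiped as a side effect. `cleanup()` is not visible here, so this needs checking; `x = copy.deepcopy(obj)` would make the builtin branch independent of that detail. The same call is added in the `else` branch by the next hunk, where it acts on `obj` directly; the enclosing method starts and ends outside both hunks.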
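Review bot: The suffix list in `zone_from_chain` (`src/firewall/core/fw_zone.py`, hunk at -188) no longer contains `"pre"` and `"post"`, so a three-part chain name ending in `_pre` or `_post` now returns `None`. The test expectations later in this diff still list chains such as `FWDI_public_pre`, and the caller in the following hunk appears to do nothing for a chain where `zone_from_chain` returns `None`. If those chains still exist on this branch, keep `[ "pre", "log", "deny", "allow", "post" ]`; if they do not, a short comment saying that `log`, `deny` and `allow` are the complete set would document the assumption.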
@@ -1522,17 +1524,14 @@ class FirewallZone(object): transaction.add_rules(backend, rules) def _rule_prepare(self, enable, zone, rule, transaction): - ipvs = [] - if rule.family: + if rule.family is not None: ipvs = [ rule.family ] - elif rule.element and (isinstance(rule.element, Rich_IcmpBlock) or isinstance(rule.element, Rich_IcmpType)): - ict = self._fw.icmptype.get_icmptype(rule.element.name) - if ict.destination: - ipvs = [ipv for ipv in ["ipv4", "ipv6"] if ipv in ict.destination] + else: + ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)] source_ipv = self._rule_source_ipv(rule.source) - if source_ipv: - if rule.family: + if source_ipv is not None and source_ipv != "": + if rule.family is not None: # rule family is defined by user, no way to change it if rule.family != source_ipv: raise FirewallError(errors.INVALID_RULE, @@ -1541,9 +1540,6 @@ class FirewallZone(object): # use the source family as rule family ipvs = [ source_ipv ] - if not ipvs: - ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)] - # add an element to object to allow backends to know what ipvs this applies to rule.ipvs = ipvs @@ -1705,6 +1701,16 @@ class FirewallZone(object): # icmp block might have reject or drop action, but not accept raise FirewallError(errors.INVALID_RULE, "IcmpBlock not usable with accept action") + if ict.destination: + for ipv in ipvs: + if ipv in ict.destination \ + and not backend.is_ipv_supported(ipv): + raise FirewallError( + errors.INVALID_RULE, + "Icmp%s %s not usable with %s" % \ + ("Block" if type(rule.element) == \ + Rich_IcmpBlock else "Type", + rule.element.name, backend.name)) table = "filter" if enable: diff --git a/src/firewall/core/io/service.py b/src/firewall/core/io/service.py index 0387b6c..cf343fe 100644 --- a/src/firewall/core/io/service.py +++ b/src/firewall/core/io/service.py 
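Review bot: `_rule_prepare` no longer narrows `ipvs` by the ICMP type's `destination`, so a rich rule with an `icmp-block` or `icmp-type` element and no `family` now carries every enabled IP version in `rule.ipvs`. The check added in the later hunk under `if ict.destination:` only raises when an `ipv` that is listed in `destination` is unsupported by the backend; it does not drop an `ipv` that is absent from `destination`. Unless code outside these hunks filters again, a type defined for one IP version only could be emitted for the other as well, so I would keep the narrowing in `_rule_prepare`. In the added error message, `type(rule.element) == Rich_IcmpBlock` would read better as `isinstance(rule.element, Rich_IcmpBlock)`.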
@@ -96,7 +96,7 @@ class Service(IO_Object): conf = {} type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) for key in type_formats: - if getattr(self, key) or isinstance(getattr(self, key), bool): + if getattr(self, key): conf[key] = copy.deepcopy(getattr(self, key)) return conf diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py index 0198200..a9d5a45 100644 --- a/src/firewall/core/nftables.py +++ b/src/firewall/core/nftables.py @@ -993,8 +993,7 @@ class nftables(object): if rich_rule.log.prefix: log_options["prefix"] = "%s" % rich_rule.log.prefix if rich_rule.log.level: - level = "warn" if "warning" == rich_rule.log.level else rich_rule.log.level - log_options["level"] = "%s" % level + log_options["level"] = "%s" % rich_rule.log.level rule = {"family": "inet", "table": TABLE_NAME, @@ -1065,7 +1064,7 @@ class nftables(object): if addr_field == "daddr": raise FirewallError(INVALID_RULE, "%s._rule_addr_fragment()", (self.__class__)) family = "ether" - elif check_single_address("ipv4", address): + if check_single_address("ipv4", address): family = "ip" elif check_address("ipv4", address): family = "ip" @@ -1383,7 +1382,7 @@ class nftables(object): return ICMP_TYPES_FRAGMENTS[ipv][icmp_type] else: raise FirewallError(INVALID_ICMPTYPE, - "ICMP type '%s' not supported by %s for %s" % (icmp_type, self.name, ipv)) + "ICMP type '%s' not supported by %s" % (icmp_type, self.name)) def build_zone_icmp_block_rules(self, enable, zone, ict, rich_rule=None): table = "filter" @@ -1681,7 +1680,7 @@ class nftables(object): port_str = entry_tokens[i][index+1:] try: - index = port_str.index("-") + index = entry_tokens[i].index("-") except ValueError: fragment.append(port_str) else: diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py index 86c0c99..dacaeb9 100644 --- a/src/firewall/core/rich.py +++ b/src/firewall/core/rich.py 
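Review bot: `if getattr(self, key):` in `src/firewall/core/io/service.py` skips every falsy value, so a boolean attribute that is `False` is now left out of the exported dict instead of being written as `False`. A consumer of the dict then cannot tell an explicit `False` from an unset field. Whether `IMPORT_EXPORT_STRUCTURE` has boolean entries is not visible in this hunk; if it does, keep `or isinstance(getattr(self, key), bool)` and add a comment such as `# keep booleans even when False`.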
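Review bot: `rich_rule.log.level` is now handed to the nftables backend unchanged (hunk at -993), and the line removed here translated `"warning"` to `"warn"`, which suggests the backend does not accept the long spelling. A rich rule with `log level="warning"` would then presumably fail to apply, leaving that rule and its logging absent from the ruleset. Keep the translation: `level = "warn" if "warning" == rich_rule.log.level else rich_rule.log.level`. The surrounding function extends beyond the hunk.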
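Review bot: Changing `elif check_single_address("ipv4", address):` to `if` (hunk at -1064) starts a new conditional chain after `family = "ether"` has been assigned. A MAC address then goes through the address-family tests as well, and if the chain ends in a catch-all `else`, which is not visible in this hunk, the `"ether"` family is overwritten. Restore `elif` so the MAC branch stays exclusive.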
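Review bot: `index = entry_tokens[i].index("-")` (hunk at -1681) searches the whole token, but the string being split is `port_str = entry_tokens[i][index+1:]`, so the offset found does not refer to a position in `port_str`. If the `else` branch outside the hunk slices `port_str` with this `index`, a port range such as `udp:1000-1002` is cut at the wrong place; the test for exactly that entry is deleted from `firewall-cmd.at` in this diff. Search the string that is sliced: `index = port_str.index("-")`.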
@@ -379,10 +379,7 @@ class Rich_Rule(object): raise FirewallError(errors.INVALID_RULE, "'family' attribute cannot have '%s' value. Use 'ipv4' or 'ipv6' instead." % attr_value) self.family = attr_value elif attr_name == 'priority': - try: - self.priority = int(attr_value) - except ValueError: - raise FirewallError(errors.INVALID_PRIORITY, "invalid 'priority' attribute value '%s'." % attr_value) + self.priority = int(attr_value) elif attr_name: if attr_name == 'protocol': err_msg = "wrong 'protocol' usage. Use either 'rule protocol value=...' or 'rule [forward-]port protocol=...'." diff --git a/src/firewall/fw_types.py b/src/firewall/fw_types.py index 3d90c18..07c69c6 100644 --- a/src/firewall/fw_types.py +++ b/src/firewall/fw_types.py @@ -54,10 +54,10 @@ class LastUpdatedOrderedDict(object): self._dict[key] = value def __getitem__(self, key): - if type(key) == int: - return self._list[key] - else: + if key in self._dict: return self._dict[key] + else: + return self._list[key] def __len__(self): return len(self._list) diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am index b7556b3..6be6781 100644 --- a/src/tests/Makefile.am +++ b/src/tests/Makefile.am @@ -48,7 +48,7 @@ $(TESTSUITE) $(TESTSUITE_INTEGRATION): $(TESTSUITE_FILES) $(srcdir)/package.m4 $(AUTOTEST) -I '$(srcdir)' -o $@.tmp $@.at mv $@.tmp $@ -CONTAINER_TARGETS = check-container-debian-sid check-container-fedora-rawhide check-container-centos8-stream +CONTAINER_TARGETS = check-container-debian-sid check-container-fedora-rawhide check-container-debian-sid-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ 
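Review bot: `self.priority = int(attr_value)` in `src/firewall/core/rich.py` now lets a bare `ValueError` escape when the rich-rule string carries a non-numeric `priority`. The neighbouring `family` branch reports bad input through `FirewallError`, so callers that handle only `FirewallError` would see an unhandled exception for a value that comes straight from the user. Wrap the conversion in `try`/`except ValueError` and raise `FirewallError(errors.INVALID_PRIORITY, "invalid 'priority' attribute value '%s'." % attr_value)`. The enclosing method starts and ends outside the hunk.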
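Review bot: `__getitem__` in `src/firewall/fw_types.py` now chooses between key lookup and positional lookup by membership in `self._dict`, which is ambiguous for integer keys and changes the error raised for a missing key. `d[0]` returns the value stored under key `0` when such a key exists and element 0 of `self._list` otherwise, and a missing string key falls through to `self._list[key]` and raises `TypeError` instead of `KeyError`. Dispatching on the argument type keeps both cases well-defined: `if isinstance(key, int): return self._list[key]` followed by `return self._dict[key]`.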
@@ -76,28 +76,11 @@ check-container-fedora-rawhide-image: check-container-%-image: echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) -check-container-centos8-stream-image: check-container-%-image: - (cd $(abs_top_srcdir) && { \ - echo "FROM centos:8" && \ - echo "RUN dnf -y makecache" && \ - echo "RUN dnf -y install centos-release-stream" && \ - echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ - docbook-style-xsl file gettext glib2-devel intltool ipset \ - iptables iptables-ebtables nftables libtool libxml2 \ - libxslt make nftables python3-nftables python3-slip-dbus \ - python3-gobject-base diffutils procps-ng iproute which dbus-daemon \ - NetworkManager" && \ - echo "COPY . /tmp/firewalld"; \ - } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) - -check-container-debian-sid: PYTHON=/usr/bin/python3 -check-container-fedora-rawhide: PYTHON=/usr/bin/python3 -check-container-centos8-stream: PYTHON=/usr/libexec/platform-python $(CONTAINER_TARGETS): check-container-%: check-container-%-image $(PODMAN) run -i --rm --privileged firewalld-testsuite-$* bash -c " \ cd /tmp/firewalld && \ ./autogen.sh && \ - ./configure PYTHON=\"${PYTHON}\" && \ + ./configure PYTHON=/usr/bin/python3 && \ make && \ { make -C src/tests check-local TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" || \ make -C src/tests check-local TESTSUITEFLAGS=\"--recheck --errexit --verbose\" ; } && \ diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at index ad7b1b3..806af74 100644 --- a/src/tests/cli/firewall-cmd.at +++ b/src/tests/cli/firewall-cmd.at 
@@ -696,10 +696,6 @@ FWD_START_TEST([ipset]) CHECK_IPSET CHECK_IPSET_HASH_MAC - dnl Expected test results assume this is set to "no" - AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf]) - FWD_RELOAD - FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries], 0, [ @@ -743,7 +739,6 @@ FWD_START_TEST([ipset]) dnl multi dimensional set with non default protocol FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore) - FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) @@ -753,7 +748,6 @@ FWD_START_TEST([ipset]) type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . sctp . 1234, - 10.10.10.10 . udp . 1000-1002, 20.20.20.20 . tcp . 8080 } } } @@ -771,9 +765,6 @@ FWD_START_TEST([ipset]) Type: hash:ip,port Members: 10.10.10.10,sctp:1234 - 10.10.10.10,udp:1000 - 10.10.10.10,udp:1001 - 10.10.10.10,udp:1002 20.20.20.20,tcp:8080 ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore) @@ -1206,10 +1197,6 @@ FWD_START_TEST([rich rules priority]) CHECK_LOG_AUDIT - dnl Expected test results assume this is set to "no" - AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf]) - FWD_RELOAD - dnl Verify generic layout of zone NFT_LIST_RULES([inet], [filter_IN_public], 0, [dnl table inet firewalld { 
@@ -1298,7 +1285,6 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept tcp dport 1122 ct state new,untracked accept tcp dport 3333 ct state new,untracked accept tcp dport 4444 ct state new,untracked accept @@ -1314,7 +1300,6 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED @@ -1329,7 +1314,6 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED @@ -1411,7 +1395,6 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept } } ]) @@ -1515,7 +1498,6 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl ]) 
@@ -1550,7 +1532,6 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl ]) @@ -1598,7 +1579,6 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept icmp type echo-request accept icmpv6 type echo-request accept } @@ -1639,7 +1619,6 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl @@ -1662,7 +1641,6 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl @@ -1719,7 +1697,6 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept } } ]) @@ -1757,7 +1734,6 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) 
@@ -1778,7 +1754,6 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) @@ -1804,7 +1779,7 @@ FWD_START_TEST([rich rules priority]) icmp-block-inversion: no interfaces: sources: - services: cockpit dhcpv6-client ssh + services: dhcpv6-client ssh ports: protocols: masquerade: no diff --git a/src/tests/dbus/dbus.at b/src/tests/dbus/dbus.at index d9f7a29..46fec2f 100644 --- a/src/tests/dbus/dbus.at +++ b/src/tests/dbus/dbus.at @@ -1,7 +1,3 @@ AT_BANNER([dbus]) m4_include([dbus/firewalld.conf.at]) m4_include([dbus/service.at]) -m4_include([dbus/zone_permanent_signatures.at]) -m4_include([dbus/zone_runtime_signatures.at]) -m4_include([dbus/zone_permanent_functional.at]) -m4_include([dbus/zone_runtime_functional.at]) diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at index 14d8776..35aead7 100644 --- a/src/tests/dbus/firewalld.conf.at +++ b/src/tests/dbus/firewalld.conf.at 
@@ -1,32 +1,36 @@ FWD_START_TEST([firewalld.conf]) AT_KEYWORDS(dbus) -IF_HOST_SUPPORTS_NFT_FIB([ - EXPECTED_IPV6_RPFILTER_VALUE=yes -], [ - EXPECTED_IPV6_RPFILTER_VALUE=no -]) - -IF_HOST_SUPPORTS_NFT_RULE_INDEX([ - EXPECTED_INDIVIDUAL_CALLS_VALUE=no -], [ - EXPECTED_INDIVIDUAL_CALLS_VALUE=yes -]) - dnl Verify defaults over dbus. Should be inline with default firewalld.conf. +IF_HOST_SUPPORTS_NFT_FIB([ DBUS_GETALL([config], [config], 0, [dnl -string "AllowZoneDrifting" : variant string "yes" +string "AllowZoneDrifting" : variant string "no" string "AutomaticHelpers" : variant string "no" string "CleanupOnExit" : variant string "no" string "DefaultZone" : variant string "public" string "FirewallBackend" : variant string "nftables" string "FlushAllOnReload" : variant string "yes" -string "IPv6_rpfilter" : variant string m4_escape(["${EXPECTED_IPV6_RPFILTER_VALUE}"]) -string "IndividualCalls" : variant string m4_escape(["${EXPECTED_INDIVIDUAL_CALLS_VALUE}"]) +string "IPv6_rpfilter" : variant string "yes" +string "IndividualCalls" : variant string "no" string "Lockdown" : variant string "no" string "LogDenied" : variant string "off" string "MinimalMark" : variant int32 100 string "RFC3964_IPv4" : variant string "yes" +])], [ +DBUS_GETALL([config], [config], 0, [dnl +string "AllowZoneDrifting" : variant string "no" +string "AutomaticHelpers" : variant string "no" +string "CleanupOnExit" : variant string "no" +string "DefaultZone" : variant string "public" +string "FirewallBackend" : variant string "nftables" +string "FlushAllOnReload" : variant string "yes" +string "IPv6_rpfilter" : variant string "no" +string "IndividualCalls" : variant string "no" +string "Lockdown" : variant string "no" +string "LogDenied" : variant string "off" +string "MinimalMark" : variant int32 100 +string "RFC3964_IPv4" : variant string "yes" +]) ]) m4_define([_helper], [ 
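Review bot: Both copies of the expected `DBUS_GETALL` output hard-code `IndividualCalls` as `"no"`, while the lines removed here derived that value from `IF_HOST_SUPPORTS_NFT_RULE_INDEX`. On a host without nft rule-index support the expected value was `yes`, so the test would presumably fail there for a reason unrelated to the change. The two blocks also differ only in the `IPv6_rpfilter` line; keeping a single block with that value in a shell variable, as before, avoids the duplicated expectations drifting apart.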
diff --git a/src/tests/dbus/zone_permanent_functional.at b/src/tests/dbus/zone_permanent_functional.at
deleted file mode 100644
index 7564598..0000000
--- a/src/tests/dbus/zone_permanent_functional.at
+++ /dev/null
@@ -1,363 +0,0 @@ -FWD_START_TEST([dbus api - zone permanent functional]) -AT_KEYWORDS(dbus zone gh586) - -dnl #################### -dnl Global APIs -dnl #################### - -DBUS_CHECK([config], [config.addZone], - ["foobar" dnl name - '("1.0", dnl version - "foobar", dnl short - "foobar zone", dnl description - false, dnl bogus/unused - "ACCEPT", dnl target - @<:@"ssh", "mdns"@:>@, dnl services - @<:@("1234", "tcp"), ("1234", "udp")@:>@, dnl ports - @<:@"echo-request"@:>@, dnl ICMP Blocks - true, dnl masquerade - @<:@("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "10.10.10.10")@:>@, dnl forward ports - @<:@"dummy0", "dummy1"@:>@, dnl interfaces - @<:@"10.10.10.0/24"@:>@, dnl sources - @<:@"rule family=ipv4 source address=10.20.20.20 drop"@:>@, dnl rules_str - @<:@"icmp"@:>@, dnl protocols - @<:@("1234", "tcp"), ("1234", "udp")@:>@, dnl source ports - false dnl ICMP block inversion - )'dnl - ], 0, [stdout]) -DBUS_FOOBAR_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] -export DBUS_FOOBAR_ZONE_OBJ - -dnl Get Zones -dnl -if NS_CMD([firewall-cmd --get-zones |grep "nm-shared" >/dev/null]); then - NM_SHARED="'nm-shared', " - export NM_SHARED -fi -DBUS_CHECK([config], [config.getZoneNames], [], 0, [dnl - (@<:@'block', 'dmz', 'drop', 'external', 'foobar', 'home', 'internal', m4_escape([${NM_SHARED}])'public', 'trusted', 'work'@:>@,) -]) -DBUS_CHECK([config], [config.listZones], [], 0, [stdout]) -NS_CHECK([sed -e ["s/['][,]/'\n/g"] ./stdout |dnl - sed -e ["s/.*config\/zone\/\([^']\+\)['].*/\1/"] |dnl - while read LINE; do { echo "${LINE}" | grep ["^[0-9]\+$"] ; } || exit 1; done], 0, [ignore]) -DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout]) -NS_CHECK([sed -e ["s/.*config\/zone\/\([^']\+\)['].*/\1/"] ./stdout | grep ["^[0-9]\+$"]], 0, [ignore]) - -dnl Interfaces -FWD_CHECK([-q --permanent --zone public --add-interface dummy2]) -DBUS_CHECK([config], [config.getZoneOfInterface], ["dummy2"], 0, [dnl - ('public',) -]) 
-FWD_CHECK([-q --permanent --zone public --remove-interface dummy2]) - -dnl Sources -FWD_CHECK([-q --permanent --zone public --add-source 10.20.20.0/24]) -DBUS_CHECK([config], [config.getZoneOfSource], ["10.20.20.0/24"], 0, [dnl - ('public',) -]) -FWD_CHECK([-q --permanent --zone public --remove-source 10.20.20.0/24]) - -dnl #################### -dnl Zone object APIs -dnl #################### - -DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.getSettings], [], 0, [dnl - (('1.0', dnl version - 'foobar', dnl short - 'foobar zone', dnl description - false, dnl bogus/unused - 'ACCEPT', dnl target - @<:@'ssh', 'mdns'@:>@, dnl services - @<:@('1234', 'tcp'), ('1234', 'udp')@:>@, dnl ports - @<:@'echo-request'@:>@, dnl ICMP Blocks - true, dnl masquerade - @<:@('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '10.10.10.10')@:>@, dnl forward ports - @<:@'dummy0', 'dummy1'@:>@, dnl interfaces - @<:@'10.10.10.0/24'@:>@, dnl sources - @<:@'rule family="ipv4" source address="10.20.20.20" drop'@:>@, dnl rules_str - @<:@'icmp'@:>@, dnl protocols - @<:@('1234', 'tcp'), ('1234', 'udp')@:>@, dnl source ports - false),) -]) - -dnl Verify update works -dnl -DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.update], [dnl - '("1.1", dnl version - "foobar v2", dnl short - "foobar zone updated", dnl description - false, dnl bogus/unused - "ACCEPT", dnl target - @<:@"ssh", "mdns", "samba"@:>@, dnl services - @<:@("1234", "tcp"), ("4444", "udp")@:>@, dnl ports - @<:@"echo-request", "echo-reply"@:>@, dnl ICMP Blocks - false, dnl masquerade - @<:@("1234", "tcp", "4321", "")@:>@, dnl forward ports - @<:@"dummy0", "dummy1", "dummy2"@:>@, dnl interfaces - @<:@"10.10.10.0/24", "10.20.0.0/16"@:>@, dnl sources - @<:@"rule family=ipv4 source address=10.20.20.20 reject"@:>@, dnl rules_str - @<:@"icmp", "ipv6-icmp"@:>@, dnl protocols - @<:@("1234", "tcp"), ("6666", "udp")@:>@, dnl source ports - true dnl ICMP block inversion - )'dnl - ], 0, [ignore]) 
-DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.getSettings], [], 0, [dnl - (('1.1', dnl version - 'foobar v2', dnl short - 'foobar zone updated', dnl description - false, dnl bogus/unused - 'ACCEPT', dnl target - @<:@'ssh', 'mdns', 'samba'@:>@, dnl services - @<:@('1234', 'tcp'), ('4444', 'udp')@:>@, dnl ports - @<:@'echo-request', 'echo-reply'@:>@, dnl ICMP Blocks - false, dnl masquerade - @<:@('1234', 'tcp', '4321', '')@:>@, dnl forward ports - @<:@'dummy0', 'dummy1', 'dummy2'@:>@, dnl interfaces - @<:@'10.10.10.0/24', '10.20.0.0/16'@:>@, dnl sources - @<:@'rule family="ipv4" source address="10.20.20.20" reject'@:>@, dnl rules_str - @<:@'icmp', 'ipv6-icmp'@:>@, dnl protocols - @<:@('1234', 'tcp'), ('6666', 'udp')@:>@, dnl source ports - true),) -]) - -dnl Rename -DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.rename], ["foobar-renamed"], 0, [ignore]) -DBUS_CHECK([config], [config.getZoneByName], ["foobar-renamed"], 0, [ignore]) - -dnl Remove -DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.remove], [], 0, [ignore]) -DBUS_CHECK([config], [config.getZoneByName], ["foobar-renamed"], 1, [ignore], [ignore]) - -dnl Get a reference to the public zone. We'll use for the rest of the tests. 
-DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout]) -DBUS_PUBLIC_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] -export DBUS_PUBLIC_ZONE_OBJ - -dnl loadDefaults -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.loadDefaults], [], 0, [ignore]) - -dnl Version -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getVersion], [], 0, [dnl - ('',) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setVersion], ["1.1"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getVersion], [], 0, [dnl - ('1.1',) -]) - -dnl Short -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getShort], [], 0, [dnl - ('Public',) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setShort], ["Public updated"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getShort], [], 0, [dnl - ('Public updated',) -]) - -dnl Description -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getDescription], [], 0, [dnl - ('For use in public areas. You do not trust the other computers on networks to not harm your computer. 
Only selected incoming connections are accepted.',) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setDescription], ["A shorter description."], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getDescription], [], 0, [dnl - ('A shorter description.',) -]) - -dnl Target -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getTarget], [], 0, [dnl - ('default',) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setTarget], ["ACCEPT"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getTarget], [], 0, [dnl - ('ACCEPT',) -]) - -dnl Interfaces -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addInterface], ["dummy0"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryInterface], ["dummy0"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryInterface], ["dummy1"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setInterfaces], [['["dummy0", "dummy1"]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getInterfaces], [], 0, [dnl - [(['dummy0', 'dummy1'],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeInterface], ["dummy0"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getInterfaces], [], 0, [dnl - [(['dummy1'],)] -]) - -dnl Sources -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addSource], ["10.10.10.0/24"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySource], ["10.10.10.0/24"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySource], ["10.20.20.0/24"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setSources], [['["10.10.10.0/24", "10.20.20.0/24"]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], 
[config.zone.getSources], [], 0, [dnl - [(['10.10.10.0/24', '10.20.20.0/24'],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeSource], ["10.10.10.0/24"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSources], [], 0, [dnl - [(['10.20.20.0/24'],)] -]) - -dnl Services -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addService], ["samba"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryService], ["samba"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryService], ["https"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setServices], [['["samba", "https"]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getServices], [], 0, [dnl - [(['samba', 'https'],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeService], ["samba"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getServices], [], 0, [dnl - [(['https'],)] -]) - -dnl Ports -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addPort], ["1234" "tcp"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryPort], ["1234" "tcp"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryPort], ["4321" "udp"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setPorts], [['[("1234", "tcp"), ("4321", "udp")]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getPorts], [], 0, [dnl - [([('1234', 'tcp'), ('4321', 'udp')],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removePort], ["1234" "tcp"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getPorts], [], 0, [dnl - [([('4321', 'udp')],)] -]) - -dnl Source Ports 
-DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addSourcePort], ["1234" "tcp"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySourcePort], ["1234" "tcp"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySourcePort], ["4321" "udp"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setSourcePorts], [['[("1234", "tcp"), ("4321", "udp")]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSourcePorts], [], 0, [dnl - [([('1234', 'tcp'), ('4321', 'udp')],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeSourcePort], ["1234" "tcp"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSourcePorts], [], 0, [dnl - [([('4321', 'udp')],)] -]) - -dnl Forward Ports -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addForwardPort], ["1234" "tcp" "1111" ""], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryForwardPort], ["1234" "tcp" "1111" ""], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryForwardPort], ["4321" "udp" "4444" "10.10.10.10"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setForwardPorts], [['[("1234", "tcp", "1111", ""), ("4321", "udp", "4444", "10.10.10.10")]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getForwardPorts], [], 0, [dnl - [([('1234', 'tcp', '1111', ''), ('4321', 'udp', '4444', '10.10.10.10')],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeForwardPort], ["1234" "tcp" "1111" ""], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getForwardPorts], [], 0, [dnl - [([('4321', 'udp', '4444', '10.10.10.10')],)] -]) - -dnl Protocols -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addProtocol], ["icmp"], 0, 
[ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryProtocol], ["icmp"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryProtocol], ["igmp"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setProtocols], [['["icmp", "igmp"]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getProtocols], [], 0, [dnl - [(['icmp', 'igmp'],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeProtocol], ["icmp"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getProtocols], [], 0, [dnl - [(['igmp'],)] -]) - -dnl Masquerade -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryMasquerade], [], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addMasquerade], [], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryMasquerade], [], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setMasquerade], [true], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getMasquerade], [], 0, [dnl - [(true,)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeMasquerade], [], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getMasquerade], [], 0, [dnl - [(false,)] -]) - -dnl ICMP Block -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addIcmpBlock], ["echo-reply"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlock], ["echo-reply"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlock], ["echo-request"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setIcmpBlocks], [['["echo-reply", "echo-request"]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], 
[config.zone.getIcmpBlocks], [], 0, [dnl - [(['echo-reply', 'echo-request'],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeIcmpBlock], ["echo-reply"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlocks], [], 0, [dnl - [(['echo-request'],)] -]) - -dnl ICMP Block Inversion -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlockInversion], [], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addIcmpBlockInversion], [], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlockInversion], [], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setIcmpBlockInversion], [true], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlockInversion], [], 0, [dnl - [(true,)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeIcmpBlockInversion], [], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlockInversion], [], 0, [dnl - [(false,)] -]) - -dnl Rich Rules -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addRichRule], ["rule family=ipv4 source address=10.10.10.0/24 accept"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryRichRule], ["rule family=ipv4 source address=10.10.10.0/24 accept"], 0, [dnl - (true,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryRichRule], ["rule family=ipv4 source address=10.20.20.0/24 drop"], 0, [dnl - (false,) -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setRichRules], [['["rule family=ipv4 source address=10.10.10.0/24 accept", "rule family=ipv4 source address=10.20.20.0/24 drop"]']], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getRichRules], [], 0, [dnl - [(['rule family="ipv4" source address="10.10.10.0/24" accept', 'rule 
family="ipv4" source address="10.20.20.0/24" drop'],)] -]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeRichRule], ["rule family=ipv4 source address=10.10.10.0/24 accept"], 0, [ignore]) -DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getRichRules], [], 0, [dnl - [(['rule family="ipv4" source address="10.20.20.0/24" drop'],)] -]) - -FWD_END_TEST([-e '/ERROR: INVALID_ZONE: foobar-renamed/d']) diff --git a/src/tests/dbus/zone_permanent_signatures.at b/src/tests/dbus/zone_permanent_signatures.at deleted file mode 100644 index 1531955..0000000 --- a/src/tests/dbus/zone_permanent_signatures.at +++ /dev/null 
@@ -1,464 +0,0 @@ -FWD_START_TEST([dbus api - zone permanent signatures]) -AT_KEYWORDS(dbus zone gh586) - -dnl #################### -dnl Global APIs -dnl #################### - -DBUS_INTROSPECT([config], [[//method[@name="listZones"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config], [[//method[@name="getZoneNames"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config], [[//method[@name="getZoneByName"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([config], [[//method[@name="addZone"]]], 0, [dnl - - - - - -]) - -dnl zone relation to interface/sources -DBUS_INTROSPECT([config], [[//method[@name="getZoneOfInterface"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([config], [[//method[@name="getZoneOfSource"]]], 0, [dnl - - - - -]) - - -dnl #################### -dnl Zone object APIs -dnl #################### - -dnl Get a reference to the public zone. We'll use it to introspect APIs. -DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout]) -DBUS_PUBLIC_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] -export DBUS_PUBLIC_ZONE_OBJ - -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getSettings"]]], 0, [dnl - - - -]) - -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="update"]]], 0, [dnl - - - -]) - -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="loadDefaults"]]], 0, [dnl - - -]) - -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="remove"]]], 0, [dnl - - -]) - -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="rename"]]], 0, [dnl - - - -]) - -dnl Version -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getVersion"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setVersion"]]], 0, [dnl - - - -]) - -dnl Short -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getShort"]]], 0, [dnl - - - -]) 
-DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setShort"]]], 0, [dnl - - - -]) - -dnl Description -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getDescription"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setDescription"]]], 0, [dnl - - - -]) - -dnl Target -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getTarget"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setTarget"]]], 0, [dnl - - - -]) - -dnl Interfaces -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getInterfaces"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setInterfaces"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addInterface"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeInterface"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryInterface"]]], 0, [dnl - - - - -]) - -dnl Sources -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getSources"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setSources"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addSource"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeSource"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="querySource"]]], 0, [dnl - - - - -]) - -dnl Services -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getServices"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setServices"]]], 0, [dnl - - - -]) 
-DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addService"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeService"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryService"]]], 0, [dnl - - - - -]) - -dnl Ports -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getPorts"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setPorts"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addPort"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removePort"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryPort"]]], 0, [dnl - - - - - -]) - -dnl Source Ports -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getSourcePorts"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setSourcePorts"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addSourcePort"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeSourcePort"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="querySourcePort"]]], 0, [dnl - - - - - -]) - -dnl Protocol -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getProtocols"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setProtocols"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addProtocol"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeProtocol"]]], 0, [dnl - - - -]) 
-DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryProtocol"]]], 0, [dnl - - - - -]) - -dnl Forward Ports -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getForwardPorts"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setForwardPorts"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addForwardPort"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeForwardPort"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryForwardPort"]]], 0, [dnl - - - - - - - -]) - -dnl Masquerade -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getMasquerade"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setMasquerade"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addMasquerade"]]], 0, [dnl - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeMasquerade"]]], 0, [dnl - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryMasquerade"]]], 0, [dnl - - - -]) - -dnl ICMP Block -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getIcmpBlocks"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setIcmpBlocks"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addIcmpBlock"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeIcmpBlock"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryIcmpBlock"]]], 0, [dnl - - - - -]) - -dnl ICMP Block Inversion -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], 
[[//method[@name="getIcmpBlockInversion"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setIcmpBlockInversion"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addIcmpBlockInversion"]]], 0, [dnl - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeIcmpBlockInversion"]]], 0, [dnl - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryIcmpBlockInversion"]]], 0, [dnl - - - -]) - -dnl Rich Rules -dnl -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getRichRules"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setRichRules"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addRichRule"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeRichRule"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryRichRule"]]], 0, [dnl - - - - -]) - -FWD_END_TEST diff --git a/src/tests/dbus/zone_runtime_functional.at b/src/tests/dbus/zone_runtime_functional.at deleted file mode 100644 index b5799b9..0000000 --- a/src/tests/dbus/zone_runtime_functional.at +++ /dev/null 
@@ -1,304 +0,0 @@ -FWD_START_TEST([dbus api - zone runtime functional]) -AT_KEYWORDS(dbus zone gh586) - -dnl #################### -dnl Global APIs -dnl #################### - -DBUS_CHECK([], [getZoneSettings], ["public"], 0, [dnl - (('', dnl version - 'Public', dnl short - 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', dnl description - false, dnl bogus/unused - 'default', dnl target - @<:@'ssh', 'dhcpv6-client', 'cockpit'@:>@, dnl services - @a(ss) @<:@@:>@, dnl ports - @as @<:@@:>@, dnl ICMP Blocks - false, dnl masquerade - @a(ssss) @<:@@:>@, dnl forward ports - @as @<:@@:>@, dnl interfaces - @as @<:@@:>@, dnl sources - @as @<:@@:>@, dnl rules_str - @as @<:@@:>@, dnl protocols - @a(ss) @<:@@:>@, dnl source ports - false),) -]) - -dnl Default Zone -DBUS_CHECK([], [getDefaultZone], [], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [setDefaultZone], ['drop'], 0, [dnl - () -]) -DBUS_CHECK([], [getDefaultZone], [], 0, [dnl - ('drop',) -]) - -dnl Fetching Zones -if NS_CMD([firewall-cmd --get-zones |grep "nm-shared" >/dev/null]); then - NM_SHARED="'nm-shared', " - export NM_SHARED -fi -DBUS_CHECK([], [zone.getZones], [], 0, [dnl - (@<:@'block', 'dmz', 'drop', 'external', 'home', 'internal', m4_escape([${NM_SHARED}])'public', 'trusted', 'work'@:>@,) -]) -FWD_CHECK([-q --zone public --add-interface dummy0]) -FWD_CHECK([-q --zone public --add-source 10.1.1.1]) -DBUS_CHECK([], [zone.getActiveZones], [], 0, [dnl - ['public': {'interfaces': ['dummy0'], 'sources': ['10.1.1.1']}] -]) -FWD_CHECK([-q --zone public --remove-interface dummy0]) -FWD_CHECK([-q --zone public --remove-source 10.1.1.1]) - -dnl Interfaces/Sources -FWD_CHECK([-q --zone public --add-interface dummy1]) -DBUS_CHECK([], [zone.getZoneOfInterface], ["dummy1"], 0, [dnl - ('public',) -]) -FWD_CHECK([-q --zone public --remove-interface dummy1]) -FWD_CHECK([-q --zone drop --add-source 10.10.10.0/24]) 
-DBUS_CHECK([], [zone.getZoneOfSource], ["10.10.10.0/24"], 0, [dnl - ('drop',) -]) -FWD_CHECK([-q --zone drop --remove-source 10.10.10.0/24]) - -dnl #################### -dnl Zone Individual APIs -dnl #################### - -dnl isImmutable -DBUS_CHECK([], [zone.isImmutable], ["public"], 0, [dnl - (false,) -]) - -dnl Interfaces -DBUS_CHECK([], [zone.addInterface], ["public" "dummy0"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.changeZone], ["drop" "dummy0"], 0, [dnl - ('drop',) -]) -DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl - (false,) -]) -DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.changeZoneOfInterface], ["public" "dummy0"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl - (false,) -]) -DBUS_CHECK([], [zone.addInterface], ["public" "dummy1"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl - [(['dummy0', 'dummy1'],)] -]) -DBUS_CHECK([], [zone.removeInterface], ["public" "dummy0"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl - [(['dummy1'],)] -]) - -dnl Sources -DBUS_CHECK([], [zone.addSource], ["public" "10.10.10.0/24"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.changeZoneOfSource], ["drop" "10.10.10.0/24"], 0, [dnl - ('drop',) -]) -DBUS_CHECK([], [zone.querySource], ["public" "10.10.10.0/24"], 0, [dnl - (false,) -]) -DBUS_CHECK([], [zone.querySource], ["drop" "10.10.10.0/24"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.changeZoneOfSource], ["public" "10.10.10.0/24"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.addSource], ["public" "10.20.0.0/16"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl - [(['10.10.10.0/24', '10.20.0.0/16'],)] -]) -DBUS_CHECK([], [zone.removeSource], ["public" "10.10.10.0/24"], 0, [dnl - ('public',) -]) 
-DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl - [(['10.20.0.0/16'],)] -]) - -dnl Services -DBUS_CHECK([], [zone.addService], ["public" "samba" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.getServices], ["public"], 0, [dnl - [(['ssh', 'dhcpv6-client', 'cockpit', 'samba'],)] -]) -DBUS_CHECK([], [zone.removeService], ["public" "samba"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl - (false,) -]) - -dnl Protocols -DBUS_CHECK([], [zone.addProtocol], ["public" "icmp" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.getProtocols], ["public"], 0, [dnl - [(['icmp'],)] -]) -DBUS_CHECK([], [zone.removeProtocol], ["public" "icmp"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl - (false,) -]) - -dnl Ports -DBUS_CHECK([], [zone.addPort], ["public" "1234" "tcp" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.addPort], ["public" "4321" "udp" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getPorts], ["public"], 0, [dnl - [([['1234', 'tcp'], ['4321', 'udp']],)] -]) -DBUS_CHECK([], [zone.removePort], ["public" "1234" "tcp"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl - (false,) -]) - -dnl Source Ports -DBUS_CHECK([], [zone.addSourcePort], ["public" "1234" "tcp" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.addSourcePort], ["public" "4321" "udp" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getSourcePorts], ["public"], 0, [dnl - [([['1234', 'tcp'], ['4321', 'udp']],)] -]) -DBUS_CHECK([], [zone.removeSourcePort], ["public" "1234" "tcp"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], 
[zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl - (false,) -]) - -dnl Forward Ports -DBUS_CHECK([], [zone.addForwardPort], ["public" "1234" "tcp" "1111" "" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.addForwardPort], ["public" "4321" "udp" "4444" "10.10.10.10" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getForwardPorts], ["public"], 0, [dnl - [([['1234', 'tcp', '1111', ''], ['4321', 'udp', '4444', '10.10.10.10']],)] -]) -DBUS_CHECK([], [zone.removeForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl - (false,) -]) - -dnl Masquerade -DBUS_CHECK([], [zone.addMasquerade], ["public" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.removeMasquerade], ["public"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl - (false,) -]) - -dnl ICMP Block -DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-reply" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-request" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.getIcmpBlocks], ["public"], 0, [dnl - [(['echo-reply', 'echo-request'],)] -]) -DBUS_CHECK([], [zone.removeIcmpBlock], ["public" "echo-reply"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl - (false,) -]) - -dnl ICMP Block Inversion -DBUS_CHECK([], [zone.addIcmpBlockInversion], ["public"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.removeIcmpBlockInversion], ["public"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl - (false,) 
-]) - -dnl Rich Rules -DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.getRichRules], ["public"], 0, [dnl - [(['rule family="ipv4" source address="10.10.10.10" accept'],)] -]) -DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept" 0], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept"], 0, [dnl - (true,) -]) -DBUS_CHECK([], [zone.removeRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl - ('public',) -]) -DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl - (false,) -]) - -FWD_END_TEST diff --git a/src/tests/dbus/zone_runtime_signatures.at b/src/tests/dbus/zone_runtime_signatures.at deleted file mode 100644 index 53fdbea..0000000 --- a/src/tests/dbus/zone_runtime_signatures.at +++ /dev/null 
@@ -1,415 +0,0 @@ -FWD_START_TEST([dbus api - zone runtime signatures]) -AT_KEYWORDS(dbus zone gh586) - -dnl #################### -dnl Global APIs -dnl #################### - -DBUS_INTROSPECT([], [[//method[@name="getZoneSettings"]]], 0, [dnl - - - - -]) - -dnl Default Zone -DBUS_INTROSPECT([], [[//method[@name="getDefaultZone"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([], [[//method[@name="setDefaultZone"]]], 0, [dnl - - - -]) - -dnl Fetching Zones -DBUS_INTROSPECT([], [[//method[@name="getZones"]]], 0, [dnl - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getActiveZones"]]], 0, [dnl - - - -]) - -dnl Interface/Source -DBUS_INTROSPECT([], [[//method[@name="getZoneOfInterface"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getZoneOfSource"]]], 0, [dnl - - - - -]) - -dnl #################### -dnl Zone APIs -dnl #################### - -DBUS_INTROSPECT([], [[//method[@name="isImmutable"]]], 0, [dnl - - - - -]) - -dnl Interfaces -DBUS_INTROSPECT([], [[//method[@name="addInterface"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="changeZone"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="changeZoneOfInterface"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeInterface"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryInterface"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getInterfaces"]]], 0, [dnl - - - - -]) - -dnl Sources -DBUS_INTROSPECT([], [[//method[@name="addSource"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="changeZoneOfSource"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeSource"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="querySource"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getSources"]]], 0, [dnl - - - - -]) - -dnl Services -DBUS_INTROSPECT([], [[//method[@name="addService"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeService"]]], 0, 
[dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryService"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getServices"]]], 0, [dnl - - - - -]) - -dnl Protocols -DBUS_INTROSPECT([], [[//method[@name="addProtocol"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeProtocol"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryProtocol"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getProtocols"]]], 0, [dnl - - - - -]) - -dnl Ports -DBUS_INTROSPECT([], [[//method[@name="addPort"]]], 0, [dnl - - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removePort"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryPort"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getPorts"]]], 0, [dnl - - - dnl NOTE: The signature is "aas", but getPorts() actually returns - dnl "a(ss)". Apparently python-dbus coerces to "aas". - - -]) - -dnl Source Ports -DBUS_INTROSPECT([], [[//method[@name="addSourcePort"]]], 0, [dnl - - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeSourcePort"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="querySourcePort"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getSourcePorts"]]], 0, [dnl - - - dnl NOTE: The signature is "aas", but getPorts() actually returns - dnl "a(ss)". Apparently python-dbus coerces to "aas". - - -]) - -dnl Forward Ports -DBUS_INTROSPECT([], [[//method[@name="addForwardPort"]]], 0, [dnl - - - - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeForwardPort"]]], 0, [dnl - - - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryForwardPort"]]], 0, [dnl - - - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getForwardPorts"]]], 0, [dnl - - - dnl NOTE: The signature is "aas", but getPorts() actually returns - dnl "a(ssss)". Apparently python-dbus coerces to "aas". 
- - -]) - -dnl Masquerade -DBUS_INTROSPECT([], [[//method[@name="addMasquerade"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeMasquerade"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryMasquerade"]]], 0, [dnl - - - - -]) - -dnl ICMP Block -DBUS_INTROSPECT([], [[//method[@name="addIcmpBlock"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeIcmpBlock"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryIcmpBlock"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getIcmpBlocks"]]], 0, [dnl - - - - -]) - -dnl ICMP Block Inversion -DBUS_INTROSPECT([], [[//method[@name="addIcmpBlockInversion"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeIcmpBlockInversion"]]], 0, [dnl - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryIcmpBlockInversion"]]], 0, [dnl - - - - -]) - -dnl Rich Rules -DBUS_INTROSPECT([], [[//method[@name="addRichRule"]]], 0, [dnl - - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="removeRichRule"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="queryRichRule"]]], 0, [dnl - - - - - -]) -DBUS_INTROSPECT([], [[//method[@name="getRichRules"]]], 0, [dnl - - - - -]) - -FWD_END_TEST diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at index bd4b52c..41d0f17 100644 --- a/src/tests/features/helpers_custom.at +++ b/src/tests/features/helpers_custom.at @@ -37,7 +37,6 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept } 
@@ -48,7 +47,6 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl @@ -57,7 +55,6 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) @@ -94,7 +91,6 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept } @@ -105,7 +101,6 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl @@ -114,7 +109,6 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) 
@@ -132,7 +126,6 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept @@ -146,7 +139,6 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) @@ -157,7 +149,6 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) diff --git a/src/tests/features/rfc3964_ipv4.at b/src/tests/features/rfc3964_ipv4.at index 15fef52..54f5f75 100644 --- a/src/tests/features/rfc3964_ipv4.at +++ b/src/tests/features/rfc3964_ipv4.at @@ -1,10 +1,6 @@ FWD_START_TEST([RFC3964_IPv4]) AT_KEYWORDS(rfc3964_ipv4) -dnl Expected test results assume this is set to "no" -AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf]) -FWD_RELOAD - AT_CHECK([sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf]) AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf]) FWD_RELOAD diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at index 070f157..7f02701 100644 --- a/src/tests/features/service_include.at 
+++ b/src/tests/features/service_include.at @@ -120,7 +120,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl ]) FWD_CHECK([--zone=public --list-services], 0, [dnl -cockpit dhcpv6-client ssh +dhcpv6-client ssh ]) FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist]) FWD_RELOAD diff --git a/src/tests/functions.at b/src/tests/functions.at index 1cde499..5b3ed3e 100644 --- a/src/tests/functions.at +++ b/src/tests/functions.at @@ -221,10 +221,6 @@ m4_define([FWD_START_TEST], [ fi echo "kill $DBUS_PID" >> ./cleanup_late - IF_HOST_SUPPORTS_NFT_RULE_INDEX([], [ - AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) - ]) - FWD_START_FIREWALLD ]) ]) @@ -234,7 +230,6 @@ m4_define([FWD_END_TEST], [ IF_HOST_SUPPORTS_IP6TABLES([], [ sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log ]) - sed -i "/WARNING: AllowZoneDrifting is enabled./d" ./firewalld.log if test x"$1" != x"ignore"; then if test -n "$1"; then sed -i $1 ./firewalld.log 
@@ -602,27 +597,3 @@ m4_define([NMCLI_CHECK], [ NS_CHECK([PIPESTATUS0([nmcli $1], [TRIM_WHITESPACE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) - -m4_define([IF_HOST_SUPPORTS_NFT_RULE_INDEX], [ - m4_if(nftables, FIREWALL_BACKEND, [ - AT_DATA([./nft_rule_index.nft], [ - add table inet firewalld_check_rule_index - add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } - add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept - add rule inet firewalld_check_rule_index foobar accept - insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept -]) - NS_CHECK([nft -f ./nft_rule_index.nft]) - - if test "$( NS_CMD([nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | TRIM_WHITESPACE]) )" = "udp dport 4321 accept"; then - : - $1 - else - : - $2 - fi - - NS_CHECK([rm ./nft_rule_index.nft]) - NS_CHECK([nft delete table inet firewalld_check_rule_index]) - ], [$1]) -]) diff --git a/src/tests/regression/gh366.at b/src/tests/regression/gh366.at index 51ff504..1441a6b 100644 --- a/src/tests/regression/gh366.at +++ b/src/tests/regression/gh366.at @@ -7,7 +7,6 @@ table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -tcp dport 9090 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } 
@@ -15,13 +14,11 @@ ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ])]) diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at index 61bc90a..36a6fce 100644 --- a/src/tests/regression/gh453.at +++ b/src/tests/regression/gh453.at @@ -18,7 +18,6 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept } @@ -43,7 +42,6 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept tcp dport 5060 ct helper set "helper-sip-tcp" diff --git a/src/tests/regression/gh509.at b/src/tests/regression/gh509.at index 1c15106..00cc51c 100644 --- a/src/tests/regression/gh509.at +++ b/src/tests/regression/gh509.at @@ -1,4 +1,3 @@ -m4_if(nftables, FIREWALL_BACKEND, [ FWD_START_TEST([missing firewalld.conf file]) AT_KEYWORDS(gh509) 
@@ -13,4 +12,3 @@ FWD_RESTART FWD_END_TEST([-e '/ERROR: Failed to load/d' dnl -e '/WARNING:.*No such file or directory:.*/d' dnl -e '/WARNING: Using fallback firewalld configuration settings/d']) -]) diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at deleted file mode 100644 index b0a2307..0000000 --- a/src/tests/regression/gh599.at +++ /dev/null @@ -1,17 +0,0 @@ -FWD_START_TEST([writing to log after copytruncate]) -AT_KEYWORDS(gh599) - -AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])]) -AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])]) -AT_SKIP_IF([! NS_CMD([which expr >/dev/null 2>&1])]) - -dnl Verify we continue to write to the log file after it's truncated. That is, -dnl simulate logrotate's copytruncate. -NS_CHECK([truncate -s 0 ./firewalld.log]) - -dnl generate some logs -FWD_CHECK([-q --add-service=this_does_not_exist], 101, [ignore], [ignore]) - -NS_CHECK([expr $(cat ./firewalld.log | wc -c) ">" 0], 0, [ignore], [ignore]) - -FWD_END_TEST([-e '/ERROR: INVALID_SERVICE: this_does_not_exist/d']) diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at index d7b4d56..8042c3a 100644 --- a/src/tests/regression/regression.at +++ b/src/tests/regression/regression.at @@ -27,10 +27,3 @@ m4_include([regression/gh509.at]) m4_include([regression/gh567.at]) m4_include([regression/rhbz1779835.at]) m4_include([regression/gh330.at]) -m4_include([regression/gh599.at]) -m4_include([regression/rhbz1829104.at]) -m4_include([regression/rhbz1843398.at]) -m4_include([regression/rhbz1689429.at]) -m4_include([regression/rhbz1483921.at]) -m4_include([regression/rhbz1541077.at]) -m4_include([regression/rhbz1855140.at]) diff --git a/src/tests/regression/rhbz1483921.at b/src/tests/regression/rhbz1483921.at deleted file mode 100644 index 4536615..0000000 --- a/src/tests/regression/rhbz1483921.at +++ /dev/null 
@@ -1,8 +0,0 @@ -FWD_START_TEST([direct and zone mutually exclusive]) -AT_KEYWORDS(direct rhbz1483921) - -FWD_CHECK([--zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443], 2, [ignore], [ignore]) - -FWD_CHECK([--zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443], 2, [ignore], [ignore]) - -FWD_END_TEST diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at index 8e4846a..efc33e0 100644 --- a/src/tests/regression/rhbz1514043.at +++ b/src/tests/regression/rhbz1514043.at @@ -1,15 +1,11 @@ FWD_START_TEST([--set-log-denied does not zero config]) AT_KEYWORDS(log_denied rhbz1514043) -dnl Expected test results assume this is set to "no" -AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf]) -FWD_RELOAD - FWD_CHECK([-q --set-log-denied=all]) FWD_CHECK([-q --permanent --zone=public --add-service=samba]) FWD_RELOAD FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl -services: cockpit dhcpv6-client samba ssh +services: dhcpv6-client samba ssh ]) dnl check that log denied actually took effect diff --git a/src/tests/regression/rhbz1541077.at b/src/tests/regression/rhbz1541077.at deleted file mode 100644 index 692ca8e..0000000 --- a/src/tests/regression/rhbz1541077.at +++ /dev/null @@ -1,9 +0,0 @@ -FWD_START_TEST([hash:mac and family mutually exclusive]) -AT_KEYWORDS(ipset rhbz1541077) - -FWD_CHECK([--permanent --new-ipset hashmacv6 --type hash:mac --family inet6], 2, [ignore], [ignore]) -FWD_CHECK([--new-ipset hashmacv6 --type hash:mac --family inet6], 2, [ignore], [ignore]) - -AT_CHECK([firewall-offline-cmd --new-ipset hashmacv6 --type hash:mac --family inet6], 2, [ignore], [ignore]) - -FWD_END_TEST diff --git a/src/tests/regression/rhbz1689429.at b/src/tests/regression/rhbz1689429.at deleted file mode 100644 index 9157c95..0000000 --- a/src/tests/regression/rhbz1689429.at +++ /dev/null 
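Review bot: In src/tests/regression/rhbz1514043.at the hunk drops the `sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf` step and its `FWD_RELOAD`, so the expected output now depends on the default in the firewalld.conf the test picks up instead of a value the test sets itself. The hunk in src/tests/features/rfc3964_ipv4.at removes the same two lines. The removed comment said the expectations assume "no", so a packaging or local override back to "yes" would presumably change the rules these tests compare; this cannot be confirmed here because both test bodies continue outside their hunks. I would keep the pin at the top of both tests, or at least leave `dnl Expected results assume AllowZoneDrifting=no (the shipped default)` in its place.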
@@ -1,12 +0,0 @@ -FWD_START_TEST([rich rule invalid priority]) -AT_KEYWORDS(rich rhbz1689429) - -FWD_CHECK([--add-rich-rule='rule priority=foo accept'], 139, [], - [Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. -]) -FWD_CHECK([--permanent --add-rich-rule='rule priority=foo accept'], 139, [], - [Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. -]) -FWD_RELOAD - -FWD_END_TEST([ignore]) diff --git a/src/tests/regression/rhbz1715977.at b/src/tests/regression/rhbz1715977.at index b9886e1..d548de7 100644 --- a/src/tests/regression/rhbz1715977.at +++ b/src/tests/regression/rhbz1715977.at @@ -14,7 +14,6 @@ NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept } } @@ -24,7 +23,6 @@ IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl @@ -33,7 +31,6 @@ IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept']) 
@@ -47,7 +44,6 @@ NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } @@ -58,7 +54,6 @@ IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ]) @@ -68,7 +63,6 @@ IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept']) @@ -82,7 +76,6 @@ NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept 
@@ -94,7 +87,6 @@ IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED @@ -105,7 +97,6 @@ IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore]) diff --git a/src/tests/regression/rhbz1779835.at b/src/tests/regression/rhbz1779835.at index 8de5c03..37d1afc 100644 --- a/src/tests/regression/rhbz1779835.at +++ b/src/tests/regression/rhbz1779835.at @@ -1,8 +1,6 @@ FWD_START_TEST([ipv6 address with brackets]) AT_KEYWORDS(rhbz1779835 ipset zone forward_port rich) -IF_HOST_SUPPORTS_IPV6_RULES([], [AT_SKIP_IF([:])]) - dnl ipset FWD_CHECK([-q --permanent --new-ipset=foobar --type=hash:ip --family=inet6]) FWD_CHECK([[-q --permanent --ipset foobar --add-entry='[1234::4321]']]) diff --git a/src/tests/regression/rhbz1829104.at b/src/tests/regression/rhbz1829104.at deleted file mode 100644 index 45659eb..0000000 --- a/src/tests/regression/rhbz1829104.at +++ /dev/null 
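Review bot: In src/tests/regression/rhbz1779835.at the guard `IF_HOST_SUPPORTS_IPV6_RULES([], [AT_SKIP_IF([:])])` is removed, yet the lines that follow in the hunk still create an ipset with `--family=inet6` and add the entry `[1234::4321]`. On a host without usable IPv6 rule support the test would presumably fail rather than be skipped, which makes an environment limitation look like a regression in the bracketed-address handling. If the macro is still defined in functions.at (not visible in this diff), I would keep the guard line. The test body continues past the end of the hunk.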
@@ -1,55 +0,0 @@ -m4_if(iptables, FIREWALL_BACKEND, [ -FWD_START_TEST([direct rule in zone chain]) -AT_KEYWORDS(direct rhbz1829104) - -FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_allow 0 -s 10.10.10.0/24 ! 
-d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_allow 0 -s 10.10.10.0/24 ! 
-d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) -FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) - -FWD_END_TEST -]) diff --git a/src/tests/regression/rhbz1843398.at b/src/tests/regression/rhbz1843398.at deleted file mode 100644 index 4606e84..0000000 --- a/src/tests/regression/rhbz1843398.at +++ /dev/null @@ -1,8 +0,0 @@ -FWD_START_TEST([rich rule source mac]) -AT_KEYWORDS(rich rhbz1843398 gh643) - -FWD_CHECK([--permanent --add-rich-rule='rule source mac="11:22:33:44:55:66" reject'], 0, [ignore]) -FWD_CHECK([ --add-rich-rule='rule source mac="11:22:33:44:55:66" reject'], 0, [ignore]) -FWD_RELOAD - -FWD_END_TEST diff --git a/src/tests/regression/rhbz1855140.at b/src/tests/regression/rhbz1855140.at deleted file mode 100644 index 8059e29..0000000 --- a/src/tests/regression/rhbz1855140.at +++ /dev/null 
@@ -1,35 +0,0 @@ -FWD_START_TEST([rich rule icmptypes with one family]) -AT_KEYWORDS(rich icmp rhbz1855140) - -FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore) -FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept'], 0, ignore) -FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept'], 0, ignore) -FWD_RELOAD -NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl - table inet firewalld { - chain filter_IN_public_allow { - tcp dport 22 ct state new,untracked accept - ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept - tcp dport 9090 ct state new,untracked accept - icmp type echo-request accept - icmpv6 type echo-request accept - icmpv6 type nd-neighbor-advert accept - icmp type timestamp-request accept - } - } -]) -IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 13 -]) -IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 - ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136 -]) - -FWD_END_TEST