Yes, changing to “DefaultZone=external” in
/etc/firewalldsolved it.I can access Plinth and ran Diagnostics. Everything has passed!
The change in /etc/firewalld/firewalld.conf of DefaultZone=external to DefaultZone=public seemed suspicious since, according to my notes, I had never touched that file. Choosing to accept the packager maintainer’s version when I attempted the manual upgrade (selecting Y at the conffile prompt) seems to have been the wrong choice for me. That said, I noticed that one of my FreedomBoxes that did successfully automatically upgrade without any issue (besides a minor Mediawiki hiccup) ended up with DefaultZone=external in its firewalld.conf file.
The box that had a successful automatic upgrade from Bullseye to Bookworm (originally spun up 2022-09-01) now has 3 files in /etc/firewalld/:
firewalld.confwithDefaultZone=external. Modified 2023-06-11.firewalld.conf.oldwithDefaultZone=public. Modified 2023-01-06.firewalld.conf.dpkg-oldwithDefaultZone=external. Modified 2022-08-17.
The FreedomBox that had the failed upgrade to from Bullseye to Bookworm (originally spun up on 2022-05-09) and which I reverted to an evening backup had in its backup image:
firewalld.confwithDefaultZone=external. Modified 2022-05-09.firewalld.conf.oldwithDefaultZone=public. Modified 2021-02-01.
When I next attempt an upgrade, I’ll try making sure DefaultZone=external remains in /etc/firewalld/firewalld.conf.