Update April 23, 2018: Fixing the root cause solves this problem
Root Cause
The service file - /lib/systemd/system/firewalld.service says firewalld conflict with ebtables.service which is enabled by default in Ubuntu 16.04.
Solution
Disable and mask ebtables.service with the following two commands:
sudo systemctl disable ebtables
sudo systemctl mask ebtables
This resolves the issue with FirewallD and hybrid-sleep and the associated problem of Firewalld does not start at boot
Thanks to alfred's answer to the above question
Original answer:
Stop firewalld before hybrid-sleep and start it at resume
Background
Put a bash script file in /lib/systemd/system-sleep/. Immediately before entering system suspend, hibernate, or hybrid-sleep the systemd-suspend.service (and the respective equivalents) will run the bash script in /lib/systemd/system-sleep/ and pass two arguments to them. The first argument will be pre, the second either suspend, hibernate, or hybrid-sleep depending on the chosen action.
Immediately after leaving system suspend, hibernate or hybrid-sleep the same bash script is run, but the first argument is now post.
Source: https://www.freedesktop.org/software/systemd/man/systemd-suspend.service.html
How to do it:
Create a text file: /lib/systemd/system-sleep/firewalld-sleep.sh with the following content:
#!/bin/bash
case $1/$2 in
pre/*)
# Disable firewalld before hybrid-sleep
systemctl stop firewalld.service
;;
post/*)
# Enable firewalld after hybrid-sleep
systemctl start firewalld.service
;;
esac
Make the file executable. See http://askubuntu.com/questions/484718/how-to-make-a-file-executable for details.
Note, the script stops the firewalld before any of the three types of sleep/hybernate/hybrid-sleep and starts it again at resume.
Now firewalld and hybrid-sleep will coexist and system will not freeze if you close the lid while firewalld is running.
Hope this helps
