On Fri, December 29, 2017 3:32 am, Kenneth Porter wrote:
> How do I insert the iptables rule below using firewalld?
>
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to get OpenVPN working to allow home workers to access PCs at the office. I've got it all working but only by manually inserting an ACCEPT rule in the FORWARD iptables chain:
>
> iptables -I FORWARD 3 -i tun+ -j ACCEPT
>
> This rule was extracted from my iptables firewall under CentOS6. The 3 puts it after the accepts for established connections and loopback connections, but before any firewalld sub-chains. With this I can connect to an internal Windows 10 system with Remote Desktop.
>
> How can I inject this rule using firewalld, either as a direct rule or as some more firewalld-approved kind of rule?
This is not an answer to your questions, still I will mention it anyway. I use pfsense for the same, and it installs seamlessly, is configured easily (through web interface), and works reliably. Also: it is really very lightweight on hardware demands and has quite a small footprint. It is based on FreeBSD. If I were replacing/upgrading any firewall/gateway/... VPN... I will definitely consider pfsense (add to my scope of candidates):
I hope this helps.
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++