On Fri, May 8, 2015 12:06, Bowie Bailey wrote:
>
> Replying to myself here, I finally figured out how to do it with
> direct rules.  Firewalld on CentOS 7 defaults to a drop rule for
> the FORWARD chain which my previous server didn't have.  So I
> needed to put the rules in the FORWARD chain rather than the
> INPUT chain.
>

This does not make sense to me.  The INPUT, OUTPUT and FORWARD chains
are swimlanes.  A packet starts out, following PREROUTING, in exactly
one of these three and never leaves it.  It can JUMP to shared chains
but it will always return to its original chain until ACCEPTed,
DROPped or REJECTed.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
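
Added example, not part of the original message: a simplified Python model of filter-table traversal, showing which built-in chain a packet is evaluated in and how a jump to a shared user chain returns to the chain it came from. The addresses, rules, the `shared` chain and the DROP policies are all constructed for illustration.

```python
# Added illustration: simplified model of filter-table traversal.
# All addresses, chain contents and policies below are constructed.
LOCAL_ADDRS = {"192.0.2.1"}          # addresses owned by this host
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

CHAINS = {
    "INPUT":   [(lambda p: True, "shared"),
                (lambda p: p["dport"] == 22, "ACCEPT")],
    "FORWARD": [(lambda p: True, "shared")],
    "OUTPUT":  [],
    # user-defined chain jumped to from both INPUT and FORWARD
    "shared":  [(lambda p: p["src"].startswith("203.0.113."), "DROP")],
}
POLICIES = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}

def builtin_chain(pkt):
    """Routing decision after PREROUTING: exactly one built-in chain."""
    if pkt.get("local_out"):
        return "OUTPUT"
    return "INPUT" if pkt["dst"] in LOCAL_ADDRS else "FORWARD"

def run_chain(name, pkt, trace):
    """Return a terminal verdict, or None when the chain returns to its caller."""
    for match, target in CHAINS[name]:
        if not match(pkt):
            continue
        trace.append((name, target))
        if target in TERMINAL:
            return target
        if target == "RETURN":
            return None
        verdict = run_chain(target, pkt, trace)   # JUMP into a user chain
        if verdict is not None:
            return verdict
        # the user chain returned: carry on with the next rule in this chain
    return None

def filter_packet(pkt):
    start = builtin_chain(pkt)
    trace = []
    verdict = run_chain(start, pkt, trace)
    if verdict is None:                            # fell off a built-in chain
        verdict = POLICIES[start]
        trace.append((start, "policy " + verdict))
    return start, verdict, trace

if __name__ == "__main__":
    for dst in ("192.0.2.1", "10.0.0.5"):          # local vs. routed destination
        print(dst, filter_packet({"src": "198.51.100.7", "dst": dst, "dport": 22}))
```

In the model, the packet addressed to the host is evaluated only in INPUT, and the routed packet only in FORWARD, where it falls through to that chain's policy.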