[CentOS] openvpn and firewalld

Sat May 9 12:32:10 UTC 2015
James B. Byrne <byrnejb at harte-lyne.ca>

On Fri, May 8, 2015 12:06, Bowie Bailey wrote:

> Replying to myself here, I finally figured out how to do it with
> direct rules.  Firewalld on CentOS 7 defaults to a drop rule for
> the FORWARD chain which my previous server didn't have.  So I
> needed to put the rules in the FORWARD chain rather than the
> INPUT chain.

This does not make sense to me.  The INPUT, OUTPUT and FORWARD chains
are swimlanes. A packet starts out, following PREROUTING, in exactly
one of these three and never leaves it.  It can JUMP to shared chains
but it will always return to its original chain until ACCEPTed,
DROPped or REJECTed.

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3