I am trying to build a new openvpn server based on CentOS7. Everything is working fine as long as I disable firewalld. With firewalld enabled, I can connect to the vpn and ping the machines on the network, but I am unable to ssh to them.

What I had on my old server with iptables was two simple rules:

    -A RH-Firewall-1-INPUT -s <localnet>/255.255.0.0 -d <vpnnet>/255.255.0.0 -j ACCEPT
    -A RH-Firewall-1-INPUT -s <vpnnet>/255.255.0.0 -d <localnet>/255.255.0.0 -j ACCEPT

This allowed all traffic to flow between my vpn subnet and the local network.

How can I duplicate this behavior with firewalld? I even tried using the --direct option to put in these same rules without success. Although I may not have done it quite right -- firewalld seems to have added 20 extra chains to the rule structure and I'm not sure exactly where I should put these rules.

Unfortunately, I cannot easily debug this while I'm at the office, but if you can give me any suggestions, I can try them out when I get home tonight.

Thanks!

--
Bowie