On Mon, May 23, 2016 at 4:10 PM, James Hogarth <james.hogarth at gmail.com> wrote: > > > Using DIRECT bypasses all the zone and service stuff. > > Frankly if your going to DIRECT everything then you really are better off > masking (and removing) firewalld and installing iptables-service and just > using the old traditional way. > James, thanks for some much-needed clue. :-)