On 29.12.2017 at 10:32, Kenneth Porter wrote:
> How do I insert the iptables rule below using firewalld?
>
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying
> to get OpenVPN working to allow home workers to access PCs at the
> office. I've got it all working but only by manually inserting an
> ACCEPT rule in the FORWARD iptables chain:
>
> iptables -I FORWARD 3 -i tun+ -j ACCEPT
>
> This rule was extracted from my iptables firewall under CentOS6. The 3
> puts it after the accepts for established connections and loopback
> connections, but before any firewalld sub-chains. With this I can
> connect to an internal Windows 10 system with Remote Desktop.
>
> How can I inject this rule using firewalld, either as a direct rule or
> as some more firewalld-approved kind of rule?

Hi,

first check which zone your interface is in:

bash> firewall-cmd --get-active-zones

then all you have to do is add a service to the firewall:

firewall-cmd --zone=<INSERT YOUR ZONE> --add-service=openvpn --permanent

assuming that your OpenVPN is running on the standard port 1194/tcp|udp. If not, then modify the firewall-cmd rule and add your port/proto, e.g.

firewall-cmd --zone=<INSERT YOUR ZONE> --add-port=11193/tcp

I hope this will help you,

--
Pozdrawiam / Best regards
Wojciech Łysiak