[CentOS] OpenVPN server and firewalld

Fri Dec 29 09:32:34 UTC 2017
Kenneth Porter <shiva at sewingwitch.com>

How do I insert the iptables rule below using firewalld?

I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to get 
OpenVPN working to allow home workers to access PCs at the office. I've got 
it all working but only by manually inserting an ACCEPT rule in the FORWARD 
iptables chain:

iptables -I FORWARD 3 -i tun+ -j ACCEPT

This rule was extracted from my iptables firewall under CentOS6. The 3 puts 
it after the accepts for established connections and loopback connections, 
but before any firewalld sub-chains. With this I can connect to an internal 
Windows 10 system with Remote Desktop.

How can I inject this rule using firewalld, either as a direct rule or as 
some more firewalld-approved kind of rule?