[CentOS] OpenVPN server and firewalld

Fri Dec 29 11:59:25 UTC 2017
Wojciech Łysiak <wojciech at vseits.pl>

W dniu 29.12.2017 o 10:32, Kenneth Porter pisze:
> How do I insert the iptables rule below using firewalld?
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying 
> to get OpenVPN working to allow home workers to access PCs at the 
> office. I've got it all working but only by manually inserting an 
> ACCEPT rule in the FORWARD iptables chain:
> iptables -I FORWARD 3 -i tun+ -j ACCEPT
> This rule was extracted from my iptables firewall under CentOS6. The 3 
> puts it after the accepts for established connections and loopback 
> connections, but before any firewalld sub-chains. With this I can 
> connect to an internal Windows 10 system with Remote Desktop.
> How can I inject this rule using firewalld, either as a direct rule or 
> as some more firewalld-approved kind of rule?

firstly check which zone are your interface in :

bash> firewall-cmd --get-active-zones

then all you have to do is add a service to the firewall

firewall-cmd --zone=<INSERT YOUR ZONE> --add-service=openvpn --permanent

assuming that your Openvpn is running on standard port 1194/tcp|udp,
If not then modify firewall-cmd rule and add your port/proto

firewall-cmd --zone=<INSERT YOUR ZONE> --add-port=11193/tcp

I hope this will help you,

Pozdrawiam / Best regards
Wojciech Łysiak