[CentOS] OpenVPN server and firewalld

Fri Dec 29 16:24:46 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, December 29, 2017 3:32 am, Kenneth Porter wrote:
> How do I insert the iptables rule below using firewalld?
>
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to
> get OpenVPN working to allow home workers to access PCs at the office.
> I've got it all working but only by manually inserting an ACCEPT rule in
> the FORWARD iptables chain:
>
> iptables -I FORWARD 3 -i tun+ -j ACCEPT
>
> This rule was extracted from my iptables firewall under CentOS6. The 3
> puts it after the accepts for established connections and loopback
> connections, but before any firewalld sub-chains. With this I can connect
> to an internal Windows 10 system with Remote Desktop.
>
> How can I inject this rule using firewalld, either as a direct rule or as
> some more firewalld-approved kind of rule?

This is not an answer to your questions, still I will mention it anyway.
I use pfsense for the same, and it installs seamlessly, is configured
easily (through web interface), and works reliably. Also: it is really
very lightweight on hardware demands and has quite a small footprint. It is
based on FreeBSD. If I were replacing/upgrading any firewall/gateway/...
VPN... I would definitely consider pfsense (add it to my scope of candidates):

https://www.pfsense.org/

I hope this helps.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
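The firewalld direct-rule route that Kenneth asks about, as an added example that is not part of either message in this thread. It assumes CentOS 7 firewalld with the iptables backend, where direct rules land in the FORWARD_direct chain, which firewalld jumps to right after its RELATED,ESTABLISHED and loopback accepts and before the zone sub-chains, i.e. the same slot as `-I FORWARD 3` in the original rule. The `iptables -S` listings embedded below are constructed samples of that layout, not captured from a real host; the `check_forward_order` function is a verification helper written for this example, and the `--apply` switch is the only part that touches a live firewall.

```shell
#!/bin/sh
# Added example: install the tun+ FORWARD accept as a firewalld direct rule
# and verify where it landed in the FORWARD chain. Assumes CentOS 7 firewalld
# (iptables backend); the listings below are constructed, not captured.

# Constructed sample of `iptables -S FORWARD` on a CentOS 7 firewalld host.
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample of `iptables -S FORWARD_direct` after the rule is added.
SAMPLE_DIRECT='-A FORWARD_direct -i tun+ -j ACCEPT'

# Emit the firewall-cmd invocations. --permanent writes the rule to
# /etc/firewalld/direct.xml; --reload loads it into the running ruleset.
# Priority 0 keeps it first among any other direct rules in FORWARD_direct.
direct_rule_cmds() {
    printf '%s\n' \
      'firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT' \
      'firewall-cmd --reload'
}

# check_forward_order FORWARD_LISTING DIRECT_LISTING
# Returns 0 when the FORWARD chain jumps to FORWARD_direct after the
# established/loopback accepts and before the zone sub-chains, and the
# FORWARD_direct chain actually holds the tun+ accept.
#   1: an expected rule is missing   2: wrong order   3: tun+ rule absent
check_forward_order() {
    chain=$1
    direct=$2
    est=$(printf '%s\n' "$chain" | grep -n -- '--ctstate RELATED,ESTABLISHED -j ACCEPT' | cut -d: -f1 | head -n1)
    lo=$(printf '%s\n' "$chain" | grep -n -- '-i lo -j ACCEPT' | cut -d: -f1 | head -n1)
    dir=$(printf '%s\n' "$chain" | grep -n -- '-j FORWARD_direct$' | cut -d: -f1 | head -n1)
    zones=$(printf '%s\n' "$chain" | grep -n -- '-j FORWARD_IN_ZONES' | cut -d: -f1 | head -n1)
    [ -n "$est" ] && [ -n "$lo" ] && [ -n "$dir" ] && [ -n "$zones" ] || return 1
    [ "$est" -lt "$dir" ] && [ "$lo" -lt "$dir" ] && [ "$dir" -lt "$zones" ] || return 2
    # In a basic regex '+' is literal, so this matches the interface pattern tun+.
    printf '%s\n' "$direct" | grep -q -- '^-A FORWARD_direct -i tun+ -j ACCEPT$' || return 3
    return 0
}

if [ "${1:-}" = "--apply" ]; then
    # Live mode: install the rule, then verify against the real chains.
    direct_rule_cmds | while read -r cmd; do $cmd; done
    if check_forward_order "$(iptables -S FORWARD)" "$(iptables -S FORWARD_direct)"; then
        echo "tun+ accept is in FORWARD_direct, before the zone sub-chains"
    else
        echo "verification failed (rc=$?)"; exit 1
    fi
else
    # Default: dry run against the constructed samples.
    direct_rule_cmds
    if check_forward_order "$SAMPLE_FORWARD" "$SAMPLE_DIRECT"; then
        echo "sample layout: rule position OK"
    else
        echo "sample layout: rule position WRONG (rc=$?)"
    fi
fi
```

Run it without arguments to see the commands and check the constructed sample; run it as root with `--apply` on the gateway to install the rule and verify the live chains. The check is worth keeping: if a later firewalld version or a nftables backend moved FORWARD_direct, the script reports the order problem instead of silently leaving the tunnel traffic to fall through to the zone REJECT.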