[CentOS] OpenVPN server and firewalld

Sat Dec 30 01:17:07 UTC 2017
Kenneth Porter <shiva at sewingwitch.com>

--On Friday, December 29, 2017 3:27 PM +0100 Gianluca Cecchi 
<gianluca.cecchi at gmail.com> wrote:

> The "iptables like" rule will be added into the pre-built chain named
> FORWARD_direct
> The 0 above means it is put at top of FORWARD_direct chain. In your
> example appears "3" and it is not clear what are lines 1 and 2.

Thanks. That looks right.

The "3" was for putting it in the main FORWARD chain before the call the 
FORWARD_direct. (A quick and dirty hack just to test if that was the rule I 
needed to make the VPN work.) "0" would be the correct argument for putting 
it as the first rule in the FORWARD_direct subchain.