> I am experiencing the same thing getting IPSec protected GRE packets > to the gre1 interface. > It works with the firewall disabled; haven't been able to figure out > how to make it work with the firewall enabled. > firewall-cmd allows me to add the interface, but then forgets about > it. While I cannot reference the interface in a firewall rule I have been able to get the tunnel operational using: firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT see the thread - "Libreswan IPSec Protected GRE Tunnel & firewall-cmd" -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA