On Tue, 2018-04-24 at 14:18 -0400, Adam Tauno Williams wrote: > I am attempting to setup an IPSec protected GRE tunnel with a Cisco > router. I believe the IPSec association is up, however I cannot move > traffic over the tunnel. > It is not clear how to integrate the tunnel interface (gre1) with > firewall-cmd; adding the interface to trusted does not appear to > 'stick'. While I cannot reference the interface in a firewall rule I have been able to get the tunnel operational using: firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT