> I tried adding the tun0 interface to the internal zone and firewall- > cmd told me tun0 was managed by NetworkManager. After that it didn't > show tun0 as a member of any zone. > # firewall-cmd --zone=internal --add-interface=tun0 > The interface is under control of NetworkManager, setting zone to > 'internal'. success > # firewall-cmd --list-all-zones > (long list of zones, none of which have tun0 in their interfaces > field) I am experiencing the same thing getting IPSec protected GRE packets to the gre1 interface. It works with the firewall disabled; haven't been able to figure out how to make it work with the firewall enabled. firewall-cmd allows me to add the interface, but then forgets about it. -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA