[CentOS] C7, firewalld and rich rules

[mark]

Ok, I've found something that will work - adding --direct rules. That, I
can do via iptables-save | a 10-line awk script.

A question, though: in iptables, we've got INPUT and FORWARD defined as
using the same chain. Is there a way to do that with firewalld - it's not
clear from what I'm reading.

Once I have this working, I'm going to investigate if I can export them as
rich rules, so in the new format.

     mark