Hi,
I'm trying to tighten an OpenVPN setup.
It should result in a separate zone for tun0 (10.20.30.0/24), that allows ssh on the local net, which is in the external zone otherwise (192.168.78.0/24).
$ firewall-cmd --info-zone=external
external (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
$ firewall-cmd --info-zone=internal
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: tun0
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="10.20.30.0/24" destination address="192.168.78.0/24" port port="8080" protocol="tcp" accept
Hence, it should allow routing ssh requests to eth0.
All experiments result in IN_external_DROPs, because this is defined as external, I guess.
Yes, I know, this setup is rather improper. It's a transient state on the way to proper separate internal and external network interfaces.
Any idea how to achieve this?
Thanks in advance, Pete