> If the tun interface is always the same, just use firewall-cmd > --zone=my_zone --add-interface=tun0
Hi Stuart, Yea I can control the interface name but I can also pass it into the up script. So this seemed to work well where as I also tried firewall-cmd --permanent --change-zone=tun0 --zone=my_zone which produced inconsistent results probably related to the timing of the up script. If it was run far after initialization it seemed to work and persist an entry in /etc/NetworkManager/system-connections for the interface with a zone clause. Seems your command does the same but reliably at up script invocation time. My firewalld.conf has a default set however without any of the persisted entries in network manager or the up script, any new interface created by the openvpn service gets placed into "no zone", how can I ensure the default is respected? Thanks a lot for the help, jlc _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
