I need to allow Protocol 50 (esp) traffic for ipsec.
I can do:
iptables -A INPUT -p esp -j ACCEPT
iptables -A OUTPUT -p esp -j ACCEPT
How could I do this with firewalld instead?
Same question closed on StackOverflow because it was off-topic.
You’ll need to use a (fairly simple) rich rule for this.
firewall-cmd --zone=vpnendpoint --add-rich-rule="rule protocol value=esp accept"
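A rich rule added without --permanent lives only in the runtime configuration and is lost on a firewalld reload or restart. The script below is an added example, not part of the original answer: it adds the answer's rule to both the runtime and the permanent configuration and then queries both to confirm it. The function names and the ZONE variable are this example's own; the zone name is the one used in the answer.

```shell
#!/bin/sh
# Added example: persist and verify the ESP rich rule from the answer.
# ZONE defaults to the zone named in the answer; override it in the environment.
ZONE="${ZONE:-vpnendpoint}"

# Build the rich rule text for an IP protocol name or number (see /etc/protocols).
# Only letters, digits and hyphens are accepted, so the value cannot break out
# of the quoted rule string and smuggle in extra rule elements.
rich_rule_for() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    printf 'rule protocol value="%s" accept' "$1"
}

# Add the rule to the runtime and the permanent configuration, then confirm
# that firewalld reports it in both. Returns non-zero on any failure.
allow_protocol() {
    rule=$(rich_rule_for "$1") || { echo "bad protocol: $1" >&2; return 2; }
    firewall-cmd --zone="$ZONE" --add-rich-rule="$rule" || return 1
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
    firewall-cmd --zone="$ZONE" --query-rich-rule="$rule" &&
        firewall-cmd --permanent --zone="$ZONE" --query-rich-rule="$rule"
}

# Changes the firewall only when asked to:  sh esp-rule.sh apply
if [ "${1:-}" = "apply" ]; then
    allow_protocol esp
fi
```

Run it as root with the argument apply; firewall-cmd --zone=vpnendpoint --list-rich-rules then shows the rule.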