How can I enable protocol traffic with firewalld?

ToBeReplaced asked:

I need to allow Protocol 50 (esp) traffic for ipsec.

I can do:

iptables -A INPUT -p esp
iptables -A OUTPUT -p esp

How could I do this with firewalld instead?

Same question closed on StackOverflow because it was off-topic.

My answer:

You’ll need to use a (fairly simple) rich rule for this.

For example:

firewall-cmd --zone=vpnendpoint --add-rich-rule="rule protocol value=esp accept"

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.