I have two separate issues that I have not been able to figure out with the change from iptables to firewalld. Since firewalld is lightly documented the solutions are avoiding me.
1) I use openvpn to access my server from the internet. In iptables tun0 was a trusted interface to allow access to services and data. The command
    firewall-cmd --zone=trusted --add-interface=tun0
allows me to open it up temporarily, but after a restart I would have to enter this command again. I tried
    firewall-cmd --permanent --zone=trusted --add-interface=tun0
but it exited the program and showed the man page. I have opened a bug on this, but was hoping someone may have run into it already.
2) I need to set up the nf_conntrack_netbios_ns and ip_nat_ftp helper modules in firewalld to allow ftp connections to external systems from other computers on my LAN. It looks like this is done using a firewalld service configuration file (see man firewalld.service). I will be working through this, but would like to hear from anyone that has set this up. Thanks!
Bill
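Added example, not part of Bill's post: a small sh script covering both questions in one place. It assumes a firewalld whose firewall-cmd accepts --permanent together with --add-interface (the poster's version rejected that combination), a service directory at /etc/firewalld/services (overridable through the hypothetical FW_SERVICE_DIR variable), and a constructed service name "lan-ftp-helpers" bound to the "internal" zone. The service file follows the firewalld.service(5) format the post points to; its <module> elements name nf_conntrack_ftp (the kernel loads the matching NAT helper with it, so ip_nat_ftp is not listed separately) and nf_conntrack_netbios_ns. Recent firewalld releases prefer a <helper> element over <module>, so check your version's man page before installing.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes firewall-cmd is installed
# and that FW_SERVICE_DIR points at firewalld's local service directory.
set -eu

FW_SERVICE_DIR="${FW_SERVICE_DIR:-/etc/firewalld/services}"

# Print a firewalld service definition (firewalld.service(5) format). The
# <module> elements tell firewalld to load these conntrack helpers whenever the
# service is active in a zone. Service name "lan-ftp-helpers" is constructed.
fw_service_xml() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>lan-ftp-helpers</short>
  <description>Constructed example: FTP and NetBIOS name-service conntrack helpers for LAN clients.</description>
  <port protocol="tcp" port="21"/>
  <port protocol="udp" port="137"/>
  <module name="nf_conntrack_ftp"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>
EOF
}

# Count the helper modules a service file requests; a quick sanity check
# before the file is dropped into FW_SERVICE_DIR.
fw_service_module_count() {
    grep -c '<module name=' "$1"
}

# Question 1: make the tun0 -> trusted binding survive a restart. Change the
# permanent configuration, reload so runtime matches, then verify the binding.
fw_trust_tun0() {
    firewall-cmd --permanent --zone=trusted --add-interface=tun0
    firewall-cmd --reload
    [ "$(firewall-cmd --get-zone-of-interface=tun0)" = "trusted" ]
}

# Question 2: install the helper service and bind it permanently to the zone
# the LAN clients sit in ("internal" here is an assumption).
fw_install_helper_service() {
    fw_service_xml > "$FW_SERVICE_DIR/lan-ftp-helpers.xml"
    firewall-cmd --reload
    firewall-cmd --permanent --zone=internal --add-service=lan-ftp-helpers
    firewall-cmd --reload
    firewall-cmd --zone=internal --list-services
}

# Dispatch only when an action is given; sourcing the file just defines the functions.
case "${1:-}" in
    trust-tun0)      fw_trust_tun0 ;;
    install-helpers) fw_install_helper_service ;;
esac
```

Run it as `sh fw-helpers.sh trust-tun0` or `sh fw-helpers.sh install-helpers` as root. Writing the service file under /etc/firewalld/services rather than /usr/lib/firewalld/services keeps it clear of package upgrades, and the --reload after each --permanent change is what stops the runtime and permanent configurations from drifting apart.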