
Solve: How to allow routing with firewalld?

Answer»

I've just installed Fedora 19 and I'm using firewalld instead of iptables, but I'm having difficulty interpreting the new terminology.

I have 2 NICs. One is specified ZONE="internal" and the other "external" in the ifcfg-* files, I have set IPV4.forwarding = 1 in /etc/sysctl.conf, and run firewall-cmd --zone=external --add-masquerade

However, when I attempt to route from any machine on the internal network I'm getting Destination Host Prohibited and of course if I disable firewalld the error goes away but then I lose masquerading.

In iptables there was a ruleset called FORWARD, but in firewalld I can only find --add-port-forward which isn't the same thing.

How do I allow routing in firewalld ?

TIA.

Finally, I found the answer ...

# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="FORWARD_direct" priority="0"> -i eth0 -o eth1 -j ACCEPT </rule>
</direct>

This feature appeared in firewalld-0.3.4-1.fc19 but there is no firewall-cmd support yet, and the man page was omitted, but it works.
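
An added example, not part of the original post: a small Python audit of a direct.xml in the format shown above, flagging FORWARD ACCEPT rules that are not scoped to both an inbound and an outbound interface. The sample file is constructed (its second rule is hypothetical, included only to show a finding), and the function names are illustrative.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the first rule is the one from the answer above; the
# second is a deliberately unscoped rule added to show what the audit flags.
SAMPLE_DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="FORWARD_direct" priority="0">-i eth0 -o eth1 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="FORWARD_direct" priority="1">-j ACCEPT</rule>
</direct>
"""


def option_value(args, *names):
    """Return the token following any of the given option names, or None."""
    for i, tok in enumerate(args[:-1]):
        if tok in names:
            return args[i + 1]
    return None


def audit_forward_rules(xml_text):
    """Return (priority, args, problems) for each FORWARD* ACCEPT rule.

    Hypothetical helper for this example, not part of firewalld.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for rule in root.iter("rule"):
        if not rule.get("chain", "").startswith("FORWARD"):
            continue  # only forwarding chains matter for routing
        args = shlex.split(rule.text or "")
        if option_value(args, "-j", "--jump") != "ACCEPT":
            continue
        problems = []
        if option_value(args, "-i", "--in-interface") is None:
            problems.append("no inbound interface (-i)")
        if option_value(args, "-o", "--out-interface") is None:
            problems.append("no outbound interface (-o)")
        findings.append((int(rule.get("priority", "0")), " ".join(args), problems))
    return findings


if __name__ == "__main__":
    for priority, args, problems in audit_forward_rules(SAMPLE_DIRECT_XML):
        status = "OK" if not problems else "REVIEW: " + ", ".join(problems)
        print(f"priority {priority}: {args} -> {status}")
```
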
