From c034c72a4b58e53e8fd4991b762edd83a0bf7311 Mon Sep 17 00:00:00 2001
From: Nicolas MASSE <nicolas.masse@itix.fr>
Date: Sat, 25 May 2019 16:52:38 +0200
Subject: [PATCH] fix firewall rules

---
 rtorrent/README.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/rtorrent/README.md b/rtorrent/README.md
index 4e66531..346b237 100644
--- a/rtorrent/README.md
+++ b/rtorrent/README.md
@@ -45,11 +45,10 @@ On each node that will run `rtorrent`, you will have to add an exception in the
 To add them permanently, use:
 
 ```sh
-cat <<EOF >> /etc/sysconfig/iptables
--A OS_FIREWALL_ALLOW -m state --state NEW -p udp --dport 6881 -j ACCEPT
--A OS_FIREWALL_ALLOW -m state --state NEW -p udp --match multiport --dports 6890:6899 -j ACCEPT
--A OS_FIREWALL_ALLOW -m state --state NEW -p tcp --match multiport --dports 6890:6899 -j ACCEPT
-EOF
+firewall-cmd --permanent --direct --add-rule ipv4 filter IN_public_allow 1 -m udp -p udp -m conntrack --ctstate NEW --dport 6881 -j ACCEPT
+firewall-cmd --permanent --direct --add-rule ipv4 filter IN_public_allow 1 -m udp -p udp -m conntrack --ctstate NEW -m multiport --dports 6890:6899 -j ACCEPT
+firewall-cmd --permanent --direct --add-rule ipv4 filter IN_public_allow 1 -m tcp -p tcp -m conntrack --ctstate NEW -m multiport --dports 6890:6899 -j ACCEPT
+firewall-cmd --reload
 ```
 
 ### Deploy rtorrent