Sorry but I am completly ignorant about firewall.
After upgrade, I can contact my Pioneer box with ssh but anything else does not answer, including the web interface. I found out that I can change /etc/firewalld/firewalld.conf to have logging and then I see things like:
fbox kernel: filter_IN_public_REJECT: IN=end0 OUT= MAC=02:99:0b:41:e2:2a:02:0a:04:80:e0:fc:08:00 SRC=192.168.10.129 DST=192.168.10.66 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54594 DF PROTO=TCP SPT=56114 DPT=443 WINDOW=64240 RE
192.168.10.129 is the machine trying to access my freedombox. Does this “REJECT” mean that the packet was dropped?
I tried to do exactly what was in the link that you provided (as I have zero understanding);
firewall-cmd --permanent --new-policy int_to_ext_fwd
firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT
firewall-cmd --permanent --zone=external --add-masquerade
firewall-cmd --permanent --zone=internal --add-forward
systemctl restart firewalld.service
However, this has changed nothing. On my freedombox, from plinth, I remember I did something like setting some interface as external in order to access internet via the freedombox when connected with openvpn to the freedombox, perhaps this means something different is needed?