commands

> firewall-cmd --state
> firewall-cmd --get-default-zone
> firewall-cmd --get-active-zones
> firewall-cmd --list-all
> firewall-cmd --get-zones
> firewall-cmd --zone=home --list-all
> firewall-cmd --list-all-zones | less
> firewall-cmd --zone=home --change-interface=eth0
> firewall-cmd --set-default-zone=home
> firewall-cmd --get-services
>>>/usr/lib/firewalld/services/*.xml
> firewall-cmd --zone=public --add-service=http
> firewall-cmd --zone=public --list-services
> firewall-cmd --zone=public --add-service=http --permanent
> firewall-cmd --runtime-to-permanent
> firewall-cmd --zone=public --list-services --permanent
> firewall-cmd --zone=public --add-port=5000/tcp
> firewall-cmd --zone=public --add-port=4990-4999/udp
> firewall-cmd --permanent --new-zone=publicweb

--
> firewall-cmd --new-zone=prometheus-access --permanent
> firewall-cmd --reload
> firewall-cmd --get-zones
> firewall-cmd --zone=prometheus-access --add-source=92.117.58.106/32 --permanent
>>OR firewall-cmd --zone=prometheus-access --remove-source=92.117.50.188/20 --permanent
> firewall-cmd --zone=prometheus-access --add-port=9100/tcp  --permanent
> firewall-cmd --reload
> firewall-cmd --zone=prometheus-access --list-all
>>>sudo firewall-cmd --add-port=9100/tcp --permanent OR firewall-cmd --zone=public --remove-port=9100/tcp
>>>sudo firewall-cmd --reload

see: digitalocean
or: red hat