There are a couple of excellent articles on FirewallD and I’ll attribute them as follows. Remember to check out the comments sections where available since there are some insightful contributions:
Resources
How To Set Up a Firewall Using FirewallD on CentOS 7
A few ways to configure Linux firewalld
RHEL7: How to get started with Firewalld.
What Is FirewallD and How It Works (firewall-cmd)
Firewalld configuration and usage
How to open a port in the firewall on CentOS or RHEL
Snippets
Below are some of the neat things I gleaned from the above resources:
Firewalld is the default firewall on a CentOS minimal install and it is managed with the firewall-cmd administrative tool.
The firewalld daemon groups rules into what are termed zones. These rules dictate what traffic should be allowed depending on the level of “trust” in the network your computer is connected to.
Zones are activated by adding network interfaces to them. The default zone after a CentOS minimal install is the public zone. Here you’ll find a nice description of the different zones. Remember to check which zones are active first, then add rules (e.g. enabling ports) to those zones instead of blindly opening ports in all the zones.
To allow traffic between network interfaces, remember to enable IP forwarding.
In case you’d rather switch back to iptables, follow the instructions here.
Services: There are a few basic building blocks in the zones, and services are the most important. Firewalld uses its own set of services that are configured using XML files in the directories /usr/lib/firewalld/services (for the system default services) and /etc/firewalld/services (for services that you, the administrator, create). If the same service is found in both locations, the definition in /etc/firewalld/services takes precedence.
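The precedence rule above means an administrator copy of a service can silently open more ports than the stock definition of the same name. The following is an added example, not taken from the resources listed above: it resolves which file wins for each service and reports ports that exist only because of the override. The function names, the report layout and the sample files are assumptions made up for the illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# The two directories named above, highest precedence first.
SERVICE_DIRS = ("/etc/firewalld/services", "/usr/lib/firewalld/services")

def read_ports(xml_file):
    """Return the set of (port, protocol) pairs a service file opens."""
    root = ET.parse(xml_file).getroot()
    return {(p.get("port"), p.get("protocol")) for p in root.iter("port")}

def audit_overrides(dirs=SERVICE_DIRS):
    """Resolve each service to the file that wins and flag ports an override adds."""
    admin_dir, system_dir = (Path(d) for d in dirs)
    names = {f.stem for d in (admin_dir, system_dir) for f in d.glob("*.xml")}
    report = {}
    for name in sorted(names):
        admin, system = admin_dir / f"{name}.xml", system_dir / f"{name}.xml"
        winner = admin if admin.exists() else system
        ports = read_ports(winner)
        # Ports present only because the administrator copy shadows the default.
        shadowing = admin.exists() and system.exists()
        added = ports - read_ports(system) if shadowing else set()
        report[name] = {"source": str(winner), "ports": ports,
                        "added_by_override": added}
    return report

def build_sample(root):
    """Constructed sample data: stock ssh and http services plus an ssh override."""
    svc = ('<?xml version="1.0" encoding="utf-8"?>\n'
           "<service><short>{0}</short>{1}</service>")
    port = '<port protocol="tcp" port="{0}"/>'
    system, admin = Path(root, "usr_lib"), Path(root, "etc")
    system.mkdir()
    admin.mkdir()
    (system / "ssh.xml").write_text(svc.format("SSH", port.format(22)))
    (system / "http.xml").write_text(svc.format("HTTP", port.format(80)))
    (admin / "ssh.xml").write_text(
        svc.format("SSH", port.format(22) + port.format(2222)))
    return (str(admin), str(system))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, info in audit_overrides(build_sample(tmp)).items():
            print(name, info["source"], sorted(info["ports"]),
                  sorted(info["added_by_override"]))
```

Calling audit_overrides() with no arguments reads the two real directories on a firewalld host; it only reads files and changes nothing.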