FirewallD

Zones - defines the trust level of connection. A connection can be assigned to only one zone at a time, but a zone can be used by many connections. Service - is a predefined list of local ports, destinations or firewall helper modules.
 * drop - this is the strictest or most untrusted zone. All incoming network packets are dropped. Only allows outgoing network connection
 * block - Also very strict/utrusted zone. Only network connection initiated within the system are permitted. Allow for responding with appropriate icmp-host-prohibited messages
 * public - Good for use in public areas. Only selected incoming connections are accepted
 * external - for use on external networks with masquerading enabled, especially for routers
 * dmz - for computers in so-called demilitarized zones that need to be publicly accessible with limited access to the internal network.
 * work - designated for use in work areas. The other computers on network are mostly trusted to not harm your system. Only selected incoming connections are accepted.
 * home- ===||===
 * internal - for use on internal networks. ==||=
 * trusted - all network connection are accepted.
 * firewall-cmd --state
 * firewall-cmd --get-zones
 * firewall-cmd --get-default-zones
 * firewall-cmd --get-active-zones
 * firewall-cmd --get-services
 * firewall-cmd --get-icmptypes
 * firewall-cmd --list-services --zone=drop
 * firewall-cmd --list-all --zone=external
 * firewall-cmd --permanent --add-service=https --zone=home
 * firewall-cmd --remove-service=https --zone=home
 * firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toaddr=10.0.0.10:toport=443
 * firewall-cmd --permanent --add-port=443/tcp
 * firewall-cmd --direct --passthrough ipv4 -I INPUT -p tcp -m state --state NEW -m tcp --dport 222 -j ACCEPT