Tuesday, October 17, 2017

Firewall

By default, firewalld is already installed on a fresh installation of the distributions that ship it (RHEL, CentOS and Fedora, for example), so nothing extra needs to be installed in order to use it.

There are a few predefined zones, and the public zone is set as the default zone unless you change it.

I took this from man firewalld.


List of predefined zones and the default zone.


The basic firewall command allows external hosts to access a service or port on the local machine.

To list current firewall rules.


To allow a service or port.


To remove a service or port from the firewall rules, simply replace add with remove. Note that this only allows the service or port in the runtime configuration: after the firewalld service is restarted (or reloaded), these rules are gone. To make them permanent, run the same commands again with the additional --permanent option. Another way is to run the command with --permanent first and then run firewall-cmd --reload, because a --permanent change alone does not take effect in the running firewall until the reload.

For more complicated firewall rules, firewalld offers the rich language. With it you can drop, reject or accept particular packets, and you can also log or audit the connections.

The structure of a rich rule.


Example 1.

Drop all HTTPS requests from 192.56.168.0/24.


Before proceeding with the second example, I do a reload. All the non-permanent rules are gone after the reload.


Example 2.

Log HTTP requests at a rate of at most 3 per minute and accept them.


Example 3.

Forward port 999 to port 22.
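The three rich rules described in Examples 1 to 3, as an added example that is not part of the original post: functions that assemble each rule as a string, check the source network, rate limit and port numbers first, and print the firewall-cmd line with the rule single-quoted so the shell leaves the double quotes inside it alone. The zone public, the log prefix http-accept and the choice of tcp for the forward are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Builds the rich rules for the three
# examples above as strings; zone "public", the log prefix and tcp are assumptions.
set -eu

# Accept only dotted-quad IPv4 with an optional /prefix (a bare address means /32).
valid_cidr() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || bits=32
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac     # also keeps globs out of set --
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Example 1: silently drop SERVICE coming from SRC_CIDR. "drop" sends no answer at
# all; use "reject" instead if clients should get an immediate error.
drop_service_from() {        # SRC_CIDR SERVICE
    valid_cidr "$1" || { echo "bad source network: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" service name="%s" drop' "$1" "$2"
}

# Example 2: accept SERVICE and log it, rate-limited so a flood cannot fill the
# journal. LIMIT is N/s, N/m, N/h or N/d; PREFIX tags the log lines.
log_and_accept() {           # SERVICE LIMIT PREFIX
    n=${2%/*}; unit=${2#*/}
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    case "$unit" in s|m|h|d) ;; *) return 1 ;; esac
    case "$3" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    printf 'rule family="ipv4" service name="%s" log prefix="%s" level="info" limit value="%s" accept' \
        "$1" "$3" "$2"
}

# Example 3: redirect FROM_PORT to TO_PORT on this host. Forwarding to another host
# (to-addr=...) additionally needs masquerading enabled in the zone.
forward_port() {             # FROM_PORT TO_PORT [PROTO]
    proto=${3:-tcp}
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf 'rule family="ipv4" forward-port port="%s" protocol="%s" to-port="%s"' "$1" "$proto" "$2"
}

# Print the command for ZONE. This adds the rule at runtime only; once it behaves,
# repeat with --permanent and then --reload, exactly as for the simpler rules.
rich_cmd() {                 # ZONE RULE
    printf "firewall-cmd --zone=%s --add-rich-rule='%s'\n" "$1" "$2"
}

r1=$(drop_service_from 192.56.168.0/24 https)
r2=$(log_and_accept http 3/m http-accept)
r3=$(forward_port 999 22)
for r in "$r1" "$r2" "$r3"; do rich_cmd public "$r"; done
```

Two checks worth doing after applying these: firewall-cmd --zone=public --list-rich-rules shows what is actually loaded, and firewall-cmd --zone=public --query-rich-rule='...' with the exact string confirms a single rule. Keep in mind that firewalld orders rich rules by action (log rules, then drop/reject rules, then accept rules) rather than by the order you added them, so a drop for a source always wins over a later accept that also matches it. For the forward, test from outside with ssh -p 999 rather than assuming the DNAT alone is enough.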


To see the man page for the rich language, use man firewalld.richlanguage.
