The firewalld command line client.
# To view the available firewall zones:
firewall-cmd --get-active-zones
# To view the rules which are currently applied:
firewall-cmd --list-all
# To permanently move the interface into the block zone, effectively blocking all communication:
firewall-cmd --permanent --zone=<block> --change-interface=<enp1s0>
# To permanently open the port for a service in the specified zone (like port '443' when in the 'public' zone):
firewall-cmd --permanent --zone=<public> --add-service=<https>
# To permanently close the port for a service in the specified zone (like port '80' when in the 'public' zone):
firewall-cmd --permanent --zone=<public> --remove-service=<http>
# To permanently open two arbitrary ports in the specified zone:
firewall-cmd --permanent --zone=<public> --add-port=<25565/tcp> --add-port=<19132/udp>
# To reload firewalld to force rule changes to take effect:
firewall-cmd --reload