FirewallD

systemctl start firewalld
systemctl enable firewalld

firewall-cmd --reload

firewall-cmd --list-all

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>redis</short>
  <description>redis</description>
  <port protocol="tcp" port="6379"/>
</service>

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>sentinel</short>
  <description>sentinel</description>
  <port protocol="tcp" port="26379"/>
</service>

firewall-cmd --reload
firewall-cmd --get-services

firewall-cmd --permanent --new-service=http
firewall-cmd --permanent --service=http --add-port=80/tcp
firewall-cmd --permanent --service=http --add-port=443/tcp
firewall-cmd --permanent --service=http --set-description=nginx
firewall-cmd --permanent --service=http --set-short=nginx

firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="217.20.165.109/32" service name="redis" accept'
firewall-cmd --reload

firewall-cmd --list-all-zones

firewall-cmd --permanent --new-zone=demo
firewall-cmd --permanent --zone=demo --add-source="178.150.44.191/32"
firewall-cmd --permanent --zone=demo --add-source="217.20.165.104/29"
firewall-cmd --reload
firewall-cmd --get-active-zones
firewall-cmd --zone=demo --list-services
firewall-cmd --permanent --zone=demo --add-service=ssh
firewall-cmd --reload
firewall-cmd --zone=demo --list-services

firewall-cmd --permanent --new-zone=demo
firewall-cmd --permanent --zone=demo --add-source="178.150.44.191/32"
firewall-cmd --permanent --zone=demo --add-source="217.20.165.104/29" --set-short="office"
firewall-cmd --permanent --zone=demo --list-sources
firewall-cmd --permanent --zone=demo --add-service=ssh
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --reload

firewall-cmd --permanent --zone=demo --remove-source="217.20.165.104/29"
firewall-cmd --permanent --zone=trusted --add-source="217.20.165.104/29"
firewall-cmd --reload