install firewalld:
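# Install firewalld, start the daemon now, and enable it at boot.
# These are three separate commands. Run as the single line shown in the
# original paste, yum would treat "systemctl", "start", ... as package names.
yum install firewalld
systemctl start firewalld.service
systemctl enable firewalld.service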
create zones, add rules, and attach to interfaces:
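# --- Zone "pci-web": public-facing interface (eno1) ---
# A new zone can only be created in the permanent configuration; the reload
# loads it into the running firewall.
firewall-cmd --permanent --new-zone=pci-web
firewall-cmd --reload
# Inbound services allowed in this zone: HTTPS and NTP only.
# NOTE(review): the ntp service opens inbound NTP; that is only needed if this
# host answers NTP queries. A host that is only an NTP client does not need it.
firewall-cmd --permanent --zone=pci-web --add-service=https
firewall-cmd --permanent --zone=pci-web --add-service=ntp
firewall-cmd --zone=pci-web --permanent --change-interface=eno1

# --- Zone "lcl-mgt": management interface (eno2) ---
firewall-cmd --permanent --new-zone=lcl-mgt
firewall-cmd --reload
# SSH is accepted only from 172.16.0.0/12 and each match is logged at level
# "info" with the prefix "ssh". The limit value="1/m" follows the log element,
# so it throttles log entries to one per minute; it does not rate-limit the
# accepted SSH connections themselves.
firewall-cmd --permanent --zone=lcl-mgt --add-rich-rule 'rule family="ipv4" source address="172.16.0.0/12" service name="ssh" log prefix="ssh" level="info" limit value="1/m" accept'
firewall-cmd --permanent --zone=lcl-mgt --change-interface=eno2

# Everything after the previous reload was written with --permanent only, so
# it is not in the running firewall yet. Reload once more to apply it.
# Caution: if you are connected over SSH from an address outside
# 172.16.0.0/12, check your access path before this reload, because SSH is
# not allowed from other sources in either zone.
firewall-cmd --reload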
confirm:
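# Verify the result. Each query is its own command.
# Without --permanent these show the running (runtime) configuration, so
# permanent-only changes appear here only after a `firewall-cmd --reload`.
firewall-cmd --state
# Expect services https and ntp, bound to eno1.
firewall-cmd --zone=pci-web --list-all
# Expect the SSH rich rule for 172.16.0.0/12, bound to eno2.
firewall-cmd --zone=lcl-mgt --list-all
# Both zones should be listed with their interface. A zone missing here is not
# attached to any interface and therefore filters no traffic.
firewall-cmd --get-active-zones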