Setting up firewalld on RHEL/CentOS

firewalld has to be running before you can make any changes.

$ sudo systemctl start firewalld

Add the required services. A list of available services can be seen by running sudo firewall-cmd --get-services.

$ sudo firewall-cmd --permanent --add-service=ssh
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https

If you have any processes that run on unusual ports, you can specify them manually.

$ sudo firewall-cmd --permanent --add-port=4444/tcp

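Changes made with --permanent are written to the stored configuration and do not affect the running firewall until you reload. Before you load them, you can check them by listing them.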

$ sudo firewall-cmd --permanent --list-all

Tell firewalld to reload the rules with the changes you have made, and make it start automatically on boot.

$ sudo firewall-cmd --reload
$ sudo systemctl enable firewalld
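
The listing step is easier to trust when it is compared against what you meant to open. The script below is an added example, not part of the original page: it checks `--list-all` output against the services and port used above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the permanent firewalld
# config against the services and port this page opens, before --reload.
EXPECTED_SERVICES="ssh http https"
EXPECTED_PORTS="4444/tcp"

# Constructed, abridged sample of `firewall-cmd --permanent --list-all` output.
SAMPLE='public
  target: default
  services: dhcpv6-client http https ssh
  ports: 4444/tcp
  forward-ports:
  source-ports:
  rich rules:'

# field NAME CONFIG: print the values of one "  NAME: a b c" line.
# Anchoring on the two-space indent keeps "ports" from matching
# "forward-ports" or "source-ports".
field() {
    printf '%s\n' "$2" |
        awk -v key="  $1:" 'index($0, key) == 1 { sub(/^[^:]*: */, ""); print }'
}

# not_in A B: print each word of A that does not appear in B.
not_in() {
    for item in $1; do
        case " $2 " in *" $item "*) ;; *) printf '%s ' "$item" ;; esac
    done
}

# audit: read --list-all output on stdin; return 0 only on an exact match.
audit() {
    cfg=$(cat)
    services=$(field services "$cfg")
    ports=$(field ports "$cfg")
    extra="$(not_in "$services" "$EXPECTED_SERVICES")$(not_in "$ports" "$EXPECTED_PORTS")"
    missing="$(not_in "$EXPECTED_SERVICES" "$services")$(not_in "$EXPECTED_PORTS" "$ports")"
    [ -n "$extra" ] && echo "open but not intended:" $extra
    [ -n "$missing" ] && echo "intended but not open:" $missing
    [ -z "$extra$missing" ]
}

# On a real host: sudo firewall-cmd --permanent --list-all | audit
printf '%s\n' "$SAMPLE" | audit || echo "review the items above before reloading"
```

The sample flags dhcpv6-client because the zone already allowed it before any of the commands above were run. The script only compares the services and ports lines of the zone it is given; rich rules, forward ports and other zones are not checked.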

via Digital Ocean