How to manage the firewall on CentOS 7 with firewall-cmd

CentOS 7 is a great server OS. There are a bunch of other sites that describe how to manage firewall rules; here I am just gathering the ones that I often use, so I don’t have to google them again.

# show firewall state
firewall-cmd --state
# list all rules
firewall-cmd --list-all
# accept (allow everything) from the network range
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="" accept'
# add specific service for public access
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https

# remove specific service for public access
firewall-cmd --zone=public --remove-service=cockpit

# add port forwarding to local IP (example for port 5432)
firewall-cmd --add-masquerade
# NOTE: I could not make it work, so I ended up setting up HAProxy for this
# save running configuration, so it is maintained after reboot
firewall-cmd --runtime-to-permanent
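
Because --runtime-to-permanent overwrites the permanent configuration with whatever is active at that moment, it is worth looking at the difference before saving. The script below is an added example, not part of the original notes: the function names (only_in, list_diff, review_zone) and the sample lists are made up for illustration, and it relies only on firewall-cmd's --permanent, --list-services, --list-ports and --list-rich-rules options.

```shell
#!/bin/sh
# Added example: preview what `firewall-cmd --runtime-to-permanent` would
# change in one zone before running it.

# only_in A B MARK: print "MARK item" for every line of A that is not in B.
only_in() {
    printf '%s\n' "$1" | while IFS= read -r item; do
        if [ -n "$item" ] && ! printf '%s\n' "$2" | grep -qxF -- "$item"; then
            printf '%s %s\n' "$3" "$item"
        fi
    done
}

# list_diff RUNTIME PERMANENT  (newline-separated item lists)
#   "+ item"  only in runtime: would become permanent
#   "- item"  only in permanent: would be overwritten and lost
list_diff() {
    only_in "$1" "$2" '+'
    only_in "$2" "$1" '-'
}

# review_zone ZONE: run the comparison on a live host (root, firewalld running).
review_zone() {
    zone=$1
    for kind in services ports; do        # firewall-cmd prints these space-separated
        echo "[$kind]"
        list_diff "$(firewall-cmd --zone="$zone" --list-"$kind" | tr -s ' ' '\n')" \
                  "$(firewall-cmd --permanent --zone="$zone" --list-"$kind" | tr -s ' ' '\n')"
    done
    echo "[rich rules]"                   # firewall-cmd prints one rule per line
    list_diff "$(firewall-cmd --zone="$zone" --list-rich-rules)" \
              "$(firewall-cmd --permanent --zone="$zone" --list-rich-rules)"
}

# Constructed sample lists (not captured from a real host).
SAMPLE_RUNTIME='http
https
ssh'
SAMPLE_PERMANENT='cockpit
http
ssh'

if [ $# -gt 0 ]; then
    review_zone "$1"                      # zone name given: check the live host
else
    list_diff "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Run it as root with a zone name (for example public) to compare the live configuration; without arguments it prints the diff of the constructed sample.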