Here is how to open a port and make it permanent with the new firewalld on RedHat/CentOS Linux 7. You can statically edit /etc/firewalld/zones/zone.conf and reload the daemon, but the right way to do is the following.
1. Open the port by specifying the proper zone, port number and protocol. Unless you do not want that rule to survive to a reboot, you have to add the “–permanent” statement :
firewall-cmd --zone=<zone> --add-port=<port_number>/<protocol> --permanent
Example :
firewall-cmd --zone=public --add-port=80/tcp --permanent
2. Then reload the firewall :
firewall-cmd --reload