firewalld is a rather unique animal, in that it comes with several preconfigured zones and services. If you look in the /usr/lib/firewalld/zones directory of your CentOS machine, you'll see the zones files, all in .xml format:
[donnie@localhost ~]$ cd /usr/lib/firewalld/zones[donnie@localhost zones]$ lsblock.xml dmz.xml drop.xml external.xml home.xml internal.xml public.xml trusted.xml work.xml[donnie@localhost zones]$
Each zone file specifies which ports are to be open, and which ones are to be blocked for various given scenarios. Zones can also contain rules for ICMP messages, forwarded ports, masquerading information, and rich language rules.
For example, the .xml file for the public zone, which is set as the default, looks ...