I tested this using CentOS 7 with firewalld service running.

Get Default Zone

To know the default zone, use this command

firewall-cmd --get-default-zone

Get Active Zones

firewall-cmd --get-active-zones

List Zone Services

To check services, ports and settings on a specific zone, use this command

firewall-cmd --zone=public --list-all

Add a permanent port into a zone

Adding a permanent TCP/UDP port in a specific zone. Example: opening MongoDB port

firewall-cmd --permanent --zone=public --add-port=27017/tcp
firewall-cmd --permanent --zone=public --add-port=27017/udp

Remove a permanent port from a zone

firewall-cmd --permanent --zone=public --remove-port=27017/tcp
firewall-cmd --permanent --zone=public --remove-port=27017/udp

Firewall-cmd reload

To reflect your firewall changes. You have to reload the firewall using the following command

firewall-cmd --reload