Firewalld - firewall-cmd - lockdown


If you are not familiar with firewalld and the firewall-cmd command, check out our Getting Started article.

If the firewall is not locked down, services may be able to make changes to the firewall. The firewall can be locked down with the --lockdown-on option.

~]# firewall-cmd --lockdown-on

You will no longer be able to add a service to the firewall.

~]# firewall-cmd --add-service=dhcp --permanent
Error: ACCESS_DENIED: lockdown is enabled

Add firewall-cmd to the lockdown whitelist so that only you can modify the firewall. Reload the firewall, and you will again be able to modify the firewall.

~]# firewall-cmd --add-lockdown-whitelist-command='/usr/bin/python -Es /usr/bin/firewall-cmd*' --permanent
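
How command entries on the lockdown whitelist are matched, as an added example that is not from the original article or from the firewalld project. It parses a constructed lockdown-whitelist.xml and applies the documented rule: an entry ending in `*` matches any command line that starts with it, and any other entry must equal the full command line. The function names and sample command lines are assumptions, and user, uid and SELinux context entries are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the lockdown-whitelist.xml format (not from a real host).
SAMPLE_WHITELIST = """<?xml version="1.0" encoding="utf-8"?>
<whitelist>
  <command name="/usr/bin/python -Es /usr/bin/firewall-config"/>
  <command name="/usr/bin/python -Es /usr/bin/firewall-cmd*"/>
  <user id="0"/>
</whitelist>
"""


def whitelist_commands(xml_text):
    """Return the name attribute of every <command> entry, in file order."""
    root = ET.fromstring(xml_text)
    return [c.get("name") for c in root.iter("command") if c.get("name")]


def command_allowed(cmdline, entries):
    """Return the first whitelist entry that matches cmdline, or None.

    Trailing '*' -> prefix match on the text before the '*'.
    No '*'       -> the whole command line, arguments included, must be equal.
    """
    for entry in entries:
        if entry.endswith("*"):
            if cmdline.startswith(entry[:-1]):
                return entry
        elif cmdline == entry:
            return entry
    return None


def audit(xml_text, cmdlines):
    """Map each command line to the entry that allows it (None = denied)."""
    entries = whitelist_commands(xml_text)
    return {c: command_allowed(c, entries) for c in cmdlines}


if __name__ == "__main__":
    # Constructed command lines, as a process list would show them.
    checks = [
        "/usr/bin/python -Es /usr/bin/firewall-cmd --add-service=dhcp --permanent",
        "/usr/bin/python3 -Es /usr/bin/firewall-cmd --reload",  # other interpreter
        "/usr/bin/python -Es /usr/bin/firewall-config --debug",  # exact entry + arg
    ]
    for cmd, entry in audit(SAMPLE_WHITELIST, checks).items():
        print("ALLOW" if entry else "DENY ", cmd)
```

The entry has to match the command line the process actually runs with, so a host where firewall-cmd starts under a different interpreter path needs its own entry.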

 



