recently someone announced a firewalld module which might help you
i wasn’t sure if the module was intended to allow imperative management of the firewall as well… you could ping the author in the linked thread and ask - if so, it should work for you