This post outlines the steps to add a host or network range to the trusted zone in firewalld, so that all traffic from it is allowed regardless of the destination port.

To allow all traffic from a node or network range, add it as a source to the trusted zone in firewalld.

1. To add a host to the trusted zone, run:

# firewall-cmd --zone=trusted --add-source=[source IP address]

For example:

# firewall-cmd --zone=trusted --add-source=10.11.12.13

or to make the rule persistent across reboots:

# firewall-cmd --zone=trusted --add-source=[source IP address] --permanent

2. If a network range is needed instead of a single host, the command is:

# firewall-cmd --zone=trusted --add-source=[network IP]/[netmask]

For example:

# firewall-cmd --zone=trusted --add-source=10.11.12.0/24

Note that when sources are added to both the public and the trusted zone, the public zone takes precedence over the trusted zone, so if the source ranges overlap, the trusted zone will not be used.

For example:

# firewall-cmd --zone=public --add-source=10.11.12.0/24
# firewall-cmd --zone=trusted --add-source=10.11.12.128/25

In this case the trusted zone will not be used, and only the rules for the public zone will apply.
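
The overlap described above can be checked before relying on a trusted source. The following Python sketch is an added example, not part of the original post: it reads text in the layout printed by `firewall-cmd --get-active-zones` (the sample is constructed, and the function names are hypothetical) and lists trusted-zone sources that overlap a public-zone source.

```python
import ipaddress

# Constructed sample in the layout printed by `firewall-cmd --get-active-zones`.
SAMPLE = """\
public
  interfaces: eth0
  sources: 10.11.12.0/24
trusted
  sources: 10.11.12.128/25 192.168.50.7
"""


def parse_active_zones(text):
    """Return {zone: [ip_network, ...]} from --get-active-zones style output."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Zone header; keep only the name if a suffix such as "(default)" follows.
            current = line.split()[0]
            zones[current] = []
        elif current and line.strip().startswith("sources:"):
            for token in line.split(":", 1)[1].split():
                try:
                    zones[current].append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    pass  # MAC addresses and ipset: entries are not IP ranges
    return zones


def shadowed_sources(zones, winner="public", loser="trusted"):
    """List (loser_source, winner_source) pairs whose address ranges overlap."""
    hits = []
    for low in zones.get(loser, []):
        for high in zones.get(winner, []):
            # Only compare networks of the same IP version.
            if low.version == high.version and low.overlaps(high):
                hits.append((str(low), str(high)))
    return hits


if __name__ == "__main__":
    for low, high in shadowed_sources(parse_active_zones(SAMPLE)):
        print(f"trusted source {low} overlaps public source {high}")
```

An empty result means no trusted source falls inside a public-zone range; any pair reported is a source that, per the precedence rule above, is handled by the public zone instead.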