firewall-cmd is the primary command line tool for firewalld. It can be used to get state information about firewalld, to get the firewall configuration for the runtime and permanent environment and also to alter those.
Depending on the selected policy, you need to be authenticated to be able to access or alter the firewalld configuration. polkit is used for this. It is only usable if firewalld is running.
This tool is used also by services to have a simple migration path from using iptables calls.
Examples of the firewall-cmd usage
To get the firewalld version:
$ firewall-cmd --version
To get the firewall-cmd help output:
$ firewall-cmd --help
To get the firewalld state:
$ firewall-cmd --state
To get the active zones with bindings:
$ firewall-cmd --get-active-zones
To get the zone of the interface
$ firewall-cmd --get-zone-of-interface=em1
Please have a look at the firewall-cmd man page.