I may be entirely wrong in my observation, so please correct me where I am wrong.
I observe that firewalld is very flexible and powerful and will add and delete IPs without having to restart. Zones may be switched on the fly. The code is changing at a rapid pace. And, what seems to be a big one to me, there is more than one way to do something.
Having more than one way to configure essentially the same operation, it seems to me, would add to the code complexity. Complexity often leads to code maintenance issues. Not saying there are any. Complexity leads to user confusion such as I am having now. Rapidly developing code causes documentation lag; one reason this list is so valuable.
I am a developer professionally. If I am having issues understanding, then how about someone who is strictly a user? Maybe no one else has the issue of over 8000 IPs being dropped at the firewall, but I certainly do and I am finding it hard to address with my understanding of firewalld.
Thanks to the developers for the hard work. Hope someone with first-hand knowledge of the development can set me straight.
Regards, John