Thanks Eric. I was a bit worried about having my new table/chain doing the actual
blocking and then having firewalld just allow the port in case I did something goofy in my
table. Plus things could fail open if my table completely broke. At least having a set
reference would mean that I couldn't mess things up that badly and firewalld would
still be in control, visible, etc.
I've filed the issue -
https://github.com/firewalld/firewalld/issues/699
-nik