Sometimes - maybe quite often actually - I want to allow access to a specific port on my CentOS server for just a single IP, or a few. With firewalld, using a rich rule seems to be the most straightforward way to accomplish this. Other methods require configuring zones other than 'public', which I prefer to avoid. My cases aren't that complex.
The rich rule is this:
    firewall-cmd --permanent --zone=public \
      --add-rich-rule='rule family="ipv4" source address="123.456.7.89" port protocol="tcp" port="10000" accept'
Of course, change the source address to the IP you want to allow access from, and change the port to whichever one you want to open up.
Tweaking rich rules can become a bit tricky. The easiest way to do so is to open the actual XML configuration. It is located at /etc/firewalld/zones/public.xml. You can change or remove any of the rich rules there.
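As an added example (not part of the original post), the script below wraps the rich rule above in POSIX shell functions that validate each address and port before calling firewall-cmd, then reload firewalld and list the rules that are active. The function names and the sample addresses in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one permanent rich rule per allowed source address.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 if $1 is a port number in 1-65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rich rule for source $1 and TCP port $2; fail on bad input.
build_rich_rule() {
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept' "$1" "$2"
}

# allow_port_from PORT IP [IP...]: add a rule per IP, reload, show result.
allow_port_from() {
    port=$1; shift
    for ip in "$@"; do
        if rule=$(build_rich_rule "$ip" "$port"); then
            firewall-cmd --permanent --zone=public --add-rich-rule="$rule"
        else
            echo "skipping invalid input: $ip port $port" >&2
        fi
    done
    firewall-cmd --reload                         # --permanent rules are inactive until reload
    firewall-cmd --zone=public --list-rich-rules  # confirm what is now active
}

# Usage, as root (constructed sample addresses from documentation ranges):
#   allow_port_from 10000 203.0.113.10 198.51.100.7
```

The same `firewall-cmd --reload` is needed after editing /etc/firewalld/zones/public.xml by hand, since firewalld only reads the permanent configuration on reload or restart.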