Hello,
Finally, my approach was not compliant with the firewalld implementation.
I understood that after reading the reply at https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/message/65DWVPYDYIVM4QQ25UEJRXZ4DU5UZLQY/.
One good approach to implement a setup based on services is:
- zones define the network (through sources or ifaces)
- policies manage flow behaviour with the services

Now the setup is like this:
There is one zone per network, with an ipset associated with it.
There is one policy per service with:
- service = <concerned service>
- ingress zone = <concerned zone>
- egress zone = HOST
- target = CONTINUE
Hope that helps. Many thanks.
firewalld-users@lists.fedorahosted.org
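
The layout described in the message above, written out as firewall-cmd calls. This is an added example, not part of the original post: the zone names, ipset names, networks, services and the `emit_plan` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: emits the firewall-cmd calls for one zone per network
# (bound to an ipset) and one policy per service towards the host.
# All names and networks below are constructed samples.

# zone:ipset:comma-separated networks
ZONES="office:office_nets:192.0.2.0/24,198.51.100.0/24
mgmt:mgmt_nets:203.0.113.0/28"

# service:ingress zone, one policy per line
POLICIES="ssh:mgmt
https:office"

emit_plan() {
    # One ipset and one zone per network group; the zone's source is the ipset.
    echo "$ZONES" | while IFS=: read -r zone ipset nets; do
        echo "firewall-cmd --permanent --new-ipset=$ipset --type=hash:net"
        for net in $(echo "$nets" | tr ',' ' '); do
            echo "firewall-cmd --permanent --ipset=$ipset --add-entry=$net"
        done
        echo "firewall-cmd --permanent --new-zone=$zone"
        echo "firewall-cmd --permanent --zone=$zone --add-source=ipset:$ipset"
    done
    # One policy per service: ingress = the network zone, egress = HOST.
    echo "$POLICIES" | while IFS=: read -r svc zone; do
        pol="${zone}-${svc}"
        echo "firewall-cmd --permanent --new-policy=$pol"
        echo "firewall-cmd --permanent --policy=$pol --add-ingress-zone=$zone"
        echo "firewall-cmd --permanent --policy=$pol --add-egress-zone=HOST"
        echo "firewall-cmd --permanent --policy=$pol --set-target=CONTINUE"
        echo "firewall-cmd --permanent --policy=$pol --add-service=$svc"
    done
    echo "firewall-cmd --reload"
}

# Print the plan by default; pass --apply (as root) to execute it.
if [ "${1:-}" = "--apply" ]; then
    emit_plan | sh -e
else
    emit_plan
fi
```

With target CONTINUE, traffic that matches none of a policy's services is passed on to later policies and then to the zone itself, so each zone's own target and service list still decide what happens to everything else.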