Well, shit. Firewalld has switched from using iptables as the backend, so one can't sanity check rules using that anymore. It's now using nftables. Another new thing to learn.
I discovered this when I migrated some dev boxes to CentOS Stream. So don't panic when it looks like it dumped your firewall rules.
https://firewalld.org/2018/07/nftables-backend
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!