This page is about masquerading, a form of address translation in firewalld
Masquerading can be enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external interface.
firewall-cmd --zone=xxx --add-masquerade # Enable IPv4 masquerade
firewall-cmd --zone=xxx --remove-masquerade # Disable IPv4 masquerade
firewall-cmd --zone=xxx --query-masquerade # Return whether IPv4 masquerading has been enabled
firewall-cmd \
--permanent \
--zone=public \
--add-rich-rule='rule family="ipv4" source ipset="home-ipv4" masquerade'
The masquerade configuration can be present in a policy