List sources for your zone:
firewall-cmd --permanent --zone=public --list-sources
If there are none, you can start to add them, this is your "whitelist"
firewall-cmd --permanent --zone=public --add-source=192.168.100.0/24
firewall-cmd --permanent --zone=public --add-source=192.168.222.123/32
(That adds a whole /24 and a single IP)
Set the range of ports you'd like open:
firewall-cmd --permanent --zone=public --add-port=1-22/tcp
firewall-cmd --permanent --zone=public --add-port=1-22/udp
This just does ports 1 through 22. You can widen this, if you'd like.
Reload:
firewall-cmd --reload
Check:
firewall-cmd --zone=public --list-all