firewalld by default does not allow packets that are dropped. In some cases, you need to find out if some packet is being dropped or not. For doing so you may want to enable logging of dropped packets with the following command:
sudo firewall-cmd --set-log-denied=all This will enable logging all the packets and help you figure out if firewalld is dropping the packet.