firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -j DROP
firewall-cmd --reload
#查看规则
firewall-cmd --direct --get-all-rules参考资料
https://serverfault.com/questions/618164/block-outgoing-connections-on-rhel7-centos7-with-firewalld
https://unix.stackexchange.com/questions/755756/using-zones-in-firewalld-to-block-outbound-access