[CentOS] firewalld rule syntax

Nick Bright

nick.bright at valnet.net
Tue Nov 17 17:12:32 UTC 2015


I'm still learning firewalld obviously, and I am having trouble grokking 
the documentation to understand how to do this.

I know I could do an iptables direct, but that doesn't seem like the 
"right" way to do it.

What I'm trying to do is allow a specific service, only for a specific IP.

Effectively, SNMP should be allowed from a specific IP address (the 
systems monitor). What would be the most correct way of doing this?

Create a zone for the snmp, then add the associated interface to that zone?

firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
firewall-cmd --zone=monitoring --add-service=snmp
firewall-cmd --zone=monitoring --add-interface=ens192
firewall-cmd --runtime-to-permanent

Would this be an appropriate approach? Is it the 'most correct' way?

-- 
-----------------------------------------------
-  Nick Bright                                -
-  Vice President of Technology               -
-  Valnet -=- We Connect You -=-              -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/                 -
-----------------------------------------------
- Are your files safe?                        -
- Valnet Vault - Secure Cloud Backup          -
- More information & 30 day free trial at     -
- http://www.valnet.net/services/valnet-vault -
-----------------------------------------------
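
One way to get the behaviour asked about above, as an added example that is not part of the original post: a zone bound only to the monitor's source address, plus a check over `firewall-cmd --list-all` text that the zone has no interface binding. The `FW` override, the function names and the sample text are assumptions made for the example, and it assumes an `snmp` service definition exists on the host.

```shell
#!/bin/sh
# Added example, not from the original post. FW is a hypothetical override:
# run with FW=echo to print the commands on a host without firewalld.
FW="${FW:-firewall-cmd}"

# Create ZONE, bind SRC to it and allow SERVICE there. No interface is added:
# an interface binding applies the zone to every packet arriving on that
# interface, whatever its source address.
allow_service_from_source() {
    zone=$1; service=$2; src=$3
    $FW --permanent --new-zone="$zone" &&
    $FW --permanent --zone="$zone" --add-source="$src" &&
    $FW --permanent --zone="$zone" --add-service="$service" &&
    $FW --reload
}

# Reads `firewall-cmd --zone=ZONE --list-all` text on stdin. Succeeds only if
# the zone has at least one source and no interface bound to it.
zone_is_source_only() {
    awk '
        $1 == "interfaces:" { ifaces = NF - 1 }
        $1 == "sources:"    { srcs = NF - 1 }
        END { exit !(srcs > 0 && ifaces == 0) }
    '
}

# Constructed --list-all text for a zone that has both --add-source and
# --add-interface applied; zone_is_source_only rejects it.
sample_zone_with_interface() {
    cat <<'EOF'
monitoring (active)
  interfaces: ens192
  sources: 1.2.3.4/32
  services: snmp
  ports:
EOF
}

# Usage: FW=echo sh this-script monitoring snmp 1.2.3.4/32
if [ "$#" -eq 3 ]; then
    allow_service_from_source "$@"
fi
```

On a live host, pipe `firewall-cmd --zone=monitoring --list-all` into `zone_is_source_only` after the reload to confirm the zone is matched by source address alone.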
