• https://firewalld.org/documentation/man-pages/firewalld.richlanguage.html says the protocol can only be tcp or udp for port, forward-port, and source-port.
• https://firewalld.org/documentation/man-pages/firewalld.policy.html says the protocol can be tcp, udp, sctp, and dccp for each of those.
• Both consistently state that what's valid for protocol depends on what's in /etc/protocols.

Which is reality for which? And do they actually just ultimately rely on /etc/protocols in the end as well, or is this validated within firewalld itself?

Also, do the related protocol fields correspond with this in zones and helpers as well? Or do they also simply use the hardcoded constants?