Firewalld/NetworkManager Internet Routing Not working in Rocky Linux 9.x

As an aside, I just did it on Rocky 9 and it works:

firewall-cmd --zone=external --add-interface=enp2s0 --permanent
firewall-cmd --zone=internal --add-interface=enp1s0 --permanent
firewall-cmd --set-default-zone=external --permanent
firewall-cmd --reload
firewall-cmd --get-default-zone
firewall-cmd --new-policy internal-external --permanent
firewall-cmd --reload
firewall-cmd --policy internal-external --add-ingress-zone=internal --permanent
firewall-cmd --policy internal-external --add-egress-zone=external --permanent
firewall-cmd --policy internal-external --set-target=ACCEPT --permanent
firewall-cmd --reload
firewall-cmd --info-policy internal-external

enp1s0 is my internal network with just an IP assigned; enp2s0 is the internet connection with the default route set appropriately. I actually edited /etc/firewalld/firewalld.conf and set the default zone there, but I expect the command I show above would do the same thing. I created the policy, added the ingress and egress zones, changed the target, and then it worked for me.

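A check for the resulting policy, as an added example that is not part of the original post: it parses the text that `firewall-cmd --info-policy internal-external` prints and confirms the policy opens only the internal-to-external direction with target ACCEPT. The zone and policy names are the ones from the post; the two sample outputs are constructed, and the "  key: value" layout of the output is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: audit the text printed by
# `firewall-cmd --info-policy internal-external` and confirm the policy
# forwards only internal -> external with target ACCEPT. A policy whose
# ingress-zones also lists external (or ANY) would accept forwarded
# traffic in the reverse direction as well.
# Assumptions: zone names "internal"/"external" as in the post, and
# firewalld's "  key: value" output layout. Both samples are constructed.

# Print the value of one "  key: value" line from policy output on stdin.
policy_field() {
    awk -v k="$1" -F': ' '$1 ~ "^ *"k"$" { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# check_policy: reads --info-policy output on stdin and returns 0 only if
# the policy has the one-way internal -> external ACCEPT shape.
check_policy() {
    out=$(cat)
    target=$(printf '%s\n' "$out" | policy_field target)
    ingress=$(printf '%s\n' "$out" | policy_field ingress-zones)
    egress=$(printf '%s\n' "$out" | policy_field egress-zones)
    [ "$target" = "ACCEPT" ]    || { echo "target is '$target', expected ACCEPT"; return 1; }
    [ "$ingress" = "internal" ] || { echo "ingress-zones is '$ingress', expected exactly internal"; return 1; }
    [ "$egress" = "external" ]  || { echo "egress-zones is '$egress', expected exactly external"; return 1; }
    echo "ok: one-way internal -> external, target ACCEPT"
}

# Constructed sample: the shape the post's commands should produce.
good_sample() {
    cat <<'EOF'
internal-external (active)
  priority: -1
  target: ACCEPT
  ingress-zones: internal
  egress-zones: external
  masquerade: no
EOF
}

# Constructed sample: ingress widened to both zones, which the check rejects.
bad_sample() {
    good_sample | sed 's/^  ingress-zones: internal$/  ingress-zones: internal external/'
}

good_sample | check_policy
bad_sample | check_policy || echo "bad sample rejected as expected"
```

On a live host, pipe the real output in with `firewall-cmd --info-policy internal-external | check_policy` instead of the samples.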