Is there a way to run just save with firewalld in RHEL7?

The version of firewalld in RHEL 7.0 has no "save" script and no way to copy the running firewall configuration to the permanent configuration. You save a firewall change with firewalld by adding --permanent to the command line making the change. Without it, any change you make is temporary and will be lost when the system restarts.

For example:

firewall-cmd --add-service=http                 # Running config
firewall-cmd --add-service=http --permanent     # Startup config

Later (post-RHEL 7) versions of firewalld do include a way to save the running configuration, and this is available now in Fedora and in RHEL 7.1. In this case the command is simply:

firewall-cmd --runtime-to-permanent

I needed to add SIP service and some IPs

in the directory /usr/lib/firewalld/services/ I added sip.xml based on other xml service files.

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SIP</short>
  <description>This is SIP, Yo! </description>
  <port protocol="udp" port="5060"/>
</service>

Then I added sip service to a firewalld

# firewall-cmd --add-service=sip --permanent 

Then I added IPs to service in /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description></description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>

  <rule family="ipv4">
    <source address="x.x.x.x/32"/>
    <service name="sip"/>
    <accept/>
  </rule>

</zone>

you can also add LOG if you add level of logging

  <rule family="ipv4">
    <source address="x.x.x.x/32"/>
    <service name="sip" 
    <log prefix="sip" level="info"/>
    <accept/>
  </rule>

after you added rules to your zone, execute

# firewall-cmd --reload

check your iptables - you should be all set.