open all ports to specific IP with firewalld

Use a firewalld zone for this. Zones can be specified either by interface or by source IP address.

In fact, by default, a zone which accepts all traffic already exists, and it is named trusted. By default, though, nothing is in this zone. So, you don't even need to create a zone, just add the IP address to the trusted zone.

firewall-cmd --zone=trusted --add-source=64.39.96.0/20

In addition to CIDR ranges, you can specify single IP addresses or ipset names prefixed with ipset:.

After this, all traffic from the specified addresses will be allowed on any port. Remember to make it permanent, either by repeating the command with --permanent appended, or by running firewall-cmd --runtime-to-permanent.