As a part of hardening your Linux, you may enable hidepid option for /proc. But this breaks the interactive authentication provided by the KDE Polkit Authentication Agent. KDE Plasma no longer asks for sudo password.
Symptoms
Error enabling firewall: Interactive authentication required.
Scanning for errors in journalctl for firewalld, you may find -
May 11 20:22:03 arch kcmshell5[6935]: firewalld.client: Job Error: 100 "Interactive authentication required."
May 11 20:22:44 arch kcmshell5[6966]: firewalld.client: Job Error: 100 "Interactive authentication required."
The interactive authentication window is generated by polkit-kde-authentication-agent. It fails to start. Looking into journalctl shows the below error -
May 11 20:05:34 arch polkit-kde-authentication-agent-1[709]: "Cannot create unix session: No session for pid 709"
May 11 20:05:34 arch polkit-kde-authentication-agent-1[709]: "Cannot register authentication agent!"
May 11 20:05:34 arch polkit-kde-authentication-agent-1[709]: Authentication agent result: false
May 11 20:05:34 arch polkit-kde-authentication-agent-1[709]: Couldn't register listener!
The easiest solution is to disable hidepid for /proc again.