Please open ONLY the services/ports that you have to use!
List the service names that firewalld has predefined:
# The names printed here are the values accepted by --add-service / --remove-service.
firewall-cmd --get-services
# Allow SSH connections on tcp port 22 in the public zone.
# --permanent writes to the saved configuration only; the running firewall is
# unchanged until `firewall-cmd --reload`.
firewall-cmd --zone=public --permanent --add-service=ssh
# Alternative: run sshd on another port and open that port instead.
# sshd must be told to listen there too (Port directive in /etc/ssh/sshd_config).
# On SELinux-enforcing hosts the port also needs the SSH label, e.g.
# `semanage port -a -t ssh_port_t -p tcp 2233`, or sshd will fail to bind.
firewall-cmd --zone=public --permanent --add-port=2233/tcp
# Remove the SSH service (port 22) from the public zone.
# Order matters on a remote host: confirm that a NEW session works on the
# alternative port before removing this and reloading, otherwise the reload can
# lock you out.
firewall-cmd --zone=public --permanent --remove-service=ssh
# Each command below is independent: run only the lines for daemons that this
# host really offers to the public zone. All are --permanent and take effect
# after `firewall-cmd --reload`.

# FTP. Credentials and data travel unencrypted; prefer SFTP over the SSH
# service where clients allow it.
firewall-cmd --permanent --zone=public --add-service=ftp
# Web server: HTTP and HTTPS
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
# Mail transfer: SMTP and SMTPS
firewall-cmd --permanent --zone=public --add-service=smtp
firewall-cmd --permanent --zone=public --add-service=smtps
# Mailbox access: IMAP/IMAPS and POP3/POP3S. The plain variants (imap, pop3)
# only protect logins if the mail server enforces STARTTLS; otherwise open just
# the *s services.
firewall-cmd --permanent --zone=public --add-service=imap
firewall-cmd --permanent --zone=public --add-service=imaps
firewall-cmd --permanent --zone=public --add-service=pop3
firewall-cmd --permanent --zone=public --add-service=pop3s
# DNS. Needed only when this host answers DNS queries for other machines;
# resolving names as a client does not require it.
firewall-cmd --permanent --zone=public --add-service=dns
# MySQL. This exposes the database port to every source that reaches the public
# zone. If only specific application hosts need it, use a source-restricted
# rich rule instead, or keep the database bound to localhost.
firewall-cmd --permanent --zone=public --add-service=mysql
# COUNTER STRIKE / STEAM
# The ranges below are wide; where the game server's actual listening ports are
# known, opening only those keeps the exposed surface smaller.

# Steam Friends Service (UDP)
firewall-cmd --permanent --zone=public --add-port=1200/udp
firewall-cmd --permanent --zone=public --add-port=4380/udp
# Steam main ranges: two UDP ranges (they overlap at 27015) and one TCP range
firewall-cmd --permanent --zone=public --add-port=27000-27015/udp
firewall-cmd --permanent --zone=public --add-port=27015-27030/udp
firewall-cmd --permanent --zone=public --add-port=27014-27050/tcp
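# TEAMSPEAK
# All rules are --permanent; they take effect after `firewall-cmd --reload`.

# Voice (UDP)
firewall-cmd --zone=public --permanent --add-port=9987/udp
# File transfer / data (TCP)
firewall-cmd --zone=public --permanent --add-port=30033/tcp
# TSDNS (TCP)
firewall-cmd --zone=public --permanent --add-port=41144/tcp
# ServerQuery. It listens on TCP, so a udp rule would leave it unreachable.
# ServerQuery is an administrative interface: open it only if it must be
# reachable remotely, and then preferably through a rich rule limited to the
# administrators' source addresses rather than to the whole public zone.
firewall-cmd --zone=public --permanent --add-port=10011/tcp
# Weblist, accounting server / licenses.
# NOTE(review): these look like connections the TeamSpeak server initiates
# itself; --add-port only opens INBOUND ports, so confirm against the vendor's
# port list whether this range needs to be opened at all.
firewall-cmd --zone=public --permanent --add-port=2011-2110/udp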
# RICH RULES: samples to adapt, NOT a set to apply together. A rule can permit
# or block a single IP or an entire network.
# 0.0.0.0/0 matches every IPv4 source, so the accept samples are no narrower
# than --add-service=ssh as written. To actually restrict access, replace it
# with the admin network (e.g. 192.0.2.0/24, a documentation-range placeholder).
# Rules given without --zone go to the default zone.
#
# Accept tcp/22 from the given IPv4 source in the public zone.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=0.0.0.0/0 port port=22 protocol=tcp accept'
# Same intent, matching the ssh service by name instead of by port number.
firewall-cmd --permanent --zone=public --add-rich-rule='rule service name=ssh family=ipv4 source address=0.0.0.0/0 accept'
# Accept SSH at a rate of up to 10 per minute. Traffic over the limit is not
# rejected by this rule, it just falls through to later rules. The limit
# therefore has no effect while ssh is also allowed via --add-service=ssh.
firewall-cmd --permanent --add-rich-rule='rule service name=ssh limit value=10/m accept'
# Reject ALL IPv4 traffic from every source. Without an explicit priority,
# firewalld evaluates reject/drop rich rules before accept rules, so this
# overrides the accept samples above and can cut off a remote session on
# reload. Narrow the source address before using it.
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='0.0.0.0/0' reject"
# Reject SSH from every source; the same precedence applies, so it wins over
# the SSH accept rules in the same zone.
firewall-cmd --permanent --add-rich-rule='rule service name=ssh reject'
# Duplicate of the second sample above (accept ssh from the given IPv4 source).
firewall-cmd --permanent --zone=public --add-rich-rule='rule service name=ssh family=ipv4 source address=0.0.0.0/0 accept'
# Apply the saved rules: load the permanent configuration into the running
# firewall. This reloads the rule set rather than restarting the daemon, and it
# discards changes that were made at runtime only (without --permanent).
# On a remote host, keep the current session open and test a new connection
# afterwards.
firewall-cmd --reload
# Show the active configuration of the default zone. Add --zone=<name> for
# another zone, --permanent for the saved configuration, or use
# --list-all-zones to see every zone.
firewall-cmd --list-all
# Discard the saved firewalld configuration and return to the shipped defaults
# (use this to start over). This is destructive: back up /etc/firewalld first.
# NOTE(review): only newer firewalld releases provide this option; check
# `man firewall-cmd` on the target host before relying on it.
firewall-cmd --permanent --reset-to-defaults
# Edit or delete rules of the public zone by hand in its saved XML file.
# Hand edits are not validated and do not take effect until a reload. The
# matching --remove-service / --remove-port / --remove-rich-rule commands are
# the safer route; after a manual edit, `firewall-cmd --check-config` can
# verify the file before reloading.
nano /etc/firewalld/zones/public.xml