This installs and configures firewalld with two blocklists: one of IP addresses and netblocks belonging to selected countries, and one of IP addresses and netblocks that are known threats. Both blocklists are loaded as ipsets rather than individual rules, so refreshing a blocklist is a single set update and matching traffic against thousands of entries stays fast.
Download setup script
wget -O /tmp/Install_ET_Firewall.sh https://raw.githubusercontent.com/alexlewislnk/ET-Firewalld/main/Install_ET_Firewall.sh
chmod +rx /tmp/Install_ET_Firewall.sh
Run setup script
/tmp/Install_ET_Firewall.sh
Examine the script logfile for any errors
more /root/Install_ET_Firewall.log
Add additional rules, as necessary
The initial public inbound rule only allows ssh (22/tcp). If public access to other services or ports is necessary, add them now. Here is a list of some of the more common public inbound rules you may need. If you will be installing the Virtualmin LAMP/LEMP server, skip this step, as the Virtualmin install will set up the necessary rules.
Web Services
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
Email Services
firewall-cmd --zone=public --add-service=smtp --permanent
firewall-cmd --zone=public --add-service=smtps --permanent
DNS Services
firewall-cmd --zone=public --add-service=dns --permanent
firewall-cmd --zone=public --add-service=dns-over-tls --permanent
After adding your additional rules, reload firewalld so the permanent configuration becomes the new runtime configuration. Rules added with --permanent are not active until this is done, so afterwards confirm that the public zone lists the services you intended and nothing more.
firewall-cmd --reload
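The following is an added example and is not part of the ET-Firewalld script or the page above. It audits the public zone after the steps above: it compares the services you meant to expose against what firewalld reports in both the permanent and the runtime configuration, so a forgotten --permanent or a forgotten --reload shows up as drift instead of being discovered later. The function names (missing_services, add_commands, audit_zone) and the WANTED list are this example's own choices; the only firewalld behaviour it relies on is that firewall-cmd --list-services prints service names separated by spaces. When firewalld is not running it falls back to constructed sample output so it can be read and run anywhere.

```sh
#!/bin/sh
# Added example (not from the ET-Firewalld project): audit the public zone
# for missing services and for permanent/runtime drift after editing rules.

# Print the services in WANTED that are absent from the space-separated list
# HAVE. Exit status 0 when nothing is missing, 1 otherwise.
missing_services() {
    wanted=$1
    have=$2
    missing=""
    for s in $wanted; do
        case " $have " in
            *" $s "*) ;;
            *) missing="$missing $s" ;;
        esac
    done
    missing=${missing# }
    [ -n "$missing" ] && printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Print (do not run) the firewall-cmd invocations that would open each service
# in SERVICES permanently in ZONE, in the same form used on this page.
add_commands() {
    zone=$1
    for s in $2; do
        printf 'firewall-cmd --zone=%s --add-service=%s --permanent\n' "$zone" "$s"
    done
}

# Check WANTED against the RUNTIME and PERMANENT service lists of ZONE.
# The lists are passed in by the caller so the same function works on live
# firewall-cmd output and on captured or constructed samples.
audit_zone() {
    zone=$1; wanted=$2; runtime=$3; permanent=$4
    status=0
    m=$(missing_services "$wanted" "$runtime") || {
        echo "runtime zone '$zone' is missing: $m"
        status=1
    }
    m=$(missing_services "$wanted" "$permanent") || {
        echo "permanent zone '$zone' is missing: $m (add with:)"
        add_commands "$zone" "$m"
        status=1
    }
    # Order-insensitive comparison of the two lists: anything present on only
    # one side means --reload has not been run since the last --permanent edit,
    # or a runtime-only change will be lost on the next reload.
    if ! missing_services "$runtime" "$permanent" >/dev/null ||
       ! missing_services "$permanent" "$runtime" >/dev/null; then
        echo "runtime and permanent differ for zone '$zone'; run: firewall-cmd --reload"
        status=1
    fi
    return $status
}

# Services this host is supposed to expose publicly (assumed for the example).
WANTED="ssh http https"

if firewall-cmd --state >/dev/null 2>&1; then
    # Live audit against the running firewalld.
    audit_zone public "$WANTED" \
        "$(firewall-cmd --zone=public --list-services)" \
        "$(firewall-cmd --zone=public --permanent --list-services)" \
        || echo "audit of zone 'public' found problems"
else
    # Constructed sample output (not captured from a real host): https was
    # added with --permanent but firewall-cmd --reload has not been run yet.
    audit_zone public "$WANTED" \
        "dhcpv6-client ssh http" \
        "dhcpv6-client ssh http https" \
        || echo "audit of zone 'public' found problems (sample data)"
fi
```

Run it as root after the reload; a clean run prints nothing. The sample branch shows the most common mistake with this workflow: the permanent list is complete while the runtime list still lacks https, which the audit reports together with the reload command that fixes it.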