--On Sunday, September 27, 2020 8:57 PM +0000 Jason Long
<hack3rcon(a)yahoo.com> wrote:
> I need the experts' advice about the best Firewalld configuration for a
> web server. In Firewalld, I just opened ports 80, 443 and 22, but I'm sure
> with Firewalld I can protect my server with other useful rules. Can
> anyone share some good rules? For example, limitation or...

"Good" rules keep everything out. Any rule you add to the default
configuration increases the attack surface. It's a tradeoff between
exposing services and securing the server. Now that you've opened those
ports, you have to rely on those services to defend themselves.

BTW, you shouldn't open ports. You should enable services. Enable the http,
https, and ssh services.

Your next step is to research how to harden those services against attack.
Check with your webserver vendor (Apache, Nginx, etc.) and your sshd
supplier (probably openssh) for optimal settings.
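
The switch from opened ports to enabled services described above, as an added example that is not part of the original message. It only prints the firewall-cmd commands for review; the function names, the "public" zone default and the sample port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan the move from raw port rules to firewalld services.
# The mapping covers only the three ports named in the thread.

# Map a port/protocol pair to the predefined firewalld service name.
port_to_service() {
    case "$1" in
        22/tcp)  echo ssh ;;
        80/tcp)  echo http ;;
        443/tcp) echo https ;;
        *)       return 1 ;;
    esac
}

# plan_migration "<output of firewall-cmd --list-ports>" [zone]
# Prints the commands to run; it does not change the firewall itself.
plan_migration() {
    local ports zone p svc changed
    ports="$1"
    zone="${2:-public}"   # assumption: the rules live in the public zone
    changed=0
    for p in $ports; do
        if svc=$(port_to_service "$p"); then
            echo "firewall-cmd --permanent --zone=$zone --add-service=$svc"
            echo "firewall-cmd --permanent --zone=$zone --remove-port=$p"
            changed=1
        else
            # Unknown port: leave it for a human to justify or remove.
            echo "# $p: no matching service in this mapping, review manually"
        fi
    done
    [ "$changed" -eq 1 ] && echo "firewall-cmd --reload"
    return 0
}

# Constructed sample of what `firewall-cmd --list-ports` might return.
SAMPLE_PORTS="80/tcp 443/tcp 22/tcp 8080/tcp"
plan_migration "$SAMPLE_PORTS"
```

Any port the script flags for manual review is extra attack surface in the sense described above and should be removed unless a service actually needs it.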