Firewall Rule Management Across CentOS and Ubuntu Environments
Network traffic filtering on RHEL-based distributions is handled by firewalld, which organizes rules into zones and keeps two separate rule sets: the runtime configuration currently enforced by the kernel and the permanent configuration stored on disk. A change made to one does not reach the other until it is explicitly reloaded or copied across.
Verify the daemon's current state:
systemctl is-active firewalld
Initialize the service and configure it to launch automatically during system boot:
sudo systemctl enable --now firewalld
To expose a web application, assign the required TCP ports to the default zone and commit the changes. The configuration must be reloaded to activate persistent rules:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload
Confirm the active zone settings:
sudo firewall-cmd --list-all
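Because the runtime and permanent rule sets can silently diverge, an audit should compare them. The script below is an added example, not part of the original page: its port_drift function compares two space-separated port lists in firewall-cmd's "80/tcp" form and reports ports present in only one of them; check_zone feeds it the real output of firewall-cmd --list-ports (runtime) and --list-ports --permanent, and the default branch runs on constructed sample lists so it works without firewalld installed.

```shell
#!/bin/sh
# Added example (not from the original page): detect drift between firewalld's
# runtime and permanent port lists for a zone. A port opened without --permanent
# vanishes on reload; one added with --permanent but never reloaded is not yet
# enforced. Either case is worth flagging in a configuration audit.

# port_drift RUNTIME_PORTS PERMANENT_PORTS
# Both arguments are space-separated port lists such as "80/tcp 443/tcp".
# Prints one line per mismatch, tagged runtime-only or permanent-only.
# Returns 0 when the lists agree, 1 when any drift was found.
port_drift() {
    drift=0
    for p in $1; do                # unquoted on purpose: split on spaces
        case " $2 " in
            *" $p "*) ;;
            *) echo "runtime-only $p"; drift=1 ;;
        esac
    done
    for p in $2; do
        case " $1 " in
            *" $p "*) ;;
            *) echo "permanent-only $p"; drift=1 ;;
        esac
    done
    return $drift
}

# check_zone ZONE: query a live host. Uses firewall-cmd's --list-ports and
# --permanent options; the zone defaults to public when none is given.
check_zone() {
    zone=${1:-public}
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --zone="$zone" --list-ports --permanent)"
}

# Stand-alone demo on constructed sample lists (no firewalld needed):
# 8080/tcp was opened at runtime only, so it will disappear on the next reload.
if [ "$1" = "--live" ]; then
    check_zone "$2"
else
    port_drift "80/tcp 443/tcp 8080/tcp" "80/tcp 443/tcp" \
        || echo "drift detected: persist with --runtime-to-permanent or drop it with --reload"
fi
```

Run it as ./audit.sh --live public on a host with firewalld to compare the real rule sets; a non-zero exit status signals drift.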
Debian-based platforms typically rely on ufw as a frontend for netfilter. Unlike firewalld's --permanent rules, ufw rule modifications are applied to the kernel packet filter immediately and persisted at the same time, so no separate reload step is needed.
Inspect the current filter status and logging level:
sudo ufw status verbose
Activate the firewall framework. On a host administered over SSH, add the SSH allow rule shown below before enabling, because enabling with a default-deny inbound policy and no SSH rule will cut off the current session:
sudo ufw enable
Establish a secure baseline by silently dropping unsolicited inbound connections (deny, as opposed to reject, sends no response to the sender) while permitting all outbound requests:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Permit remote administration by explicitly allowing TCP traffic on the standard SSH port:
sudo ufw allow proto tcp to any port 22
Validate the updated rule chain:
sudo ufw status numbered