sudo firewall-cmd --permanent --set-default-zone=dmz
sudo firewall-cmd --permanent --zone=dmz --add-port=3306/tcp
sudo firewall-cmd --permanent --zone=dmz --add-port=5432/tcp
sudo firewall-cmd --permanent --zone=dmz --add-port=10000/tcp
  
sudo firewall-cmd --permanent --new-ipset=Cloudflarev4 --type=hash:net
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=192.168.0.1
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=173.245.45.0/20
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=103.21.244.0/22
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=103.22.200.0/22
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=103.31.4.0/22
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=141.101.64.0/18
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=108.162.192.0/18
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=190.93.240.0/20
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=188.114.96.0/20
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=197.234.240.0/22
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=198.41.128.0/17
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=162.158.0.0/15
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=104.16.0.0/13
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=104.24.0.0/14
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=172.64.0.0/13
sudo firewall-cmd --permanent --ipset=Cloudflarev4 --add-entry=131.0.72.0/22
sudo firewall-cmd --permanent --new-ipset=Cloudflarev6 --type=hash:net --option=family=inet6
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2400:cb00::/32
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2606:4700::/32
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2803:f800::/32
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2405:b500::/32
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2405:8100::/32
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2a06:98c0::/29
sudo firewall-cmd --permanent --ipset=Cloudflarev6 --add-entry=2c0f:f248::/32
sudo firewall-cmd --permanent --zone=dmz --add-source=ipset:Cloudflarev6
sudo firewall-cmd --permanent --zone=dmz --add-source=ipset:Cloudflarev4
sudo firewall-cmd --permanent --new-ipset=Systemadministration --type=hash:net
sudo firewall-cmd --permanent --ipset=Systemadministration --add-entry=192.168.1.245
sudo firewall-cmd --permanent --ipset=Systemadministration --add-entry=192.168.1.10
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source ipset="Cloudflarev4" service name="https" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv6" source ipset="Cloudflarev6" service name="https" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source ipset="Cloudflarev4" service name="http" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv6" source ipset="Cloudflarev6" service name="http" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" service name="http" drop'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" service name="https" drop'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv6" source address="::/0" service name="https" drop'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv6" source address="::/0" service name="http" drop'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" port port="49152" protocol="tcp" reject'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv6" port port="49152" protocol="tcp" reject'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule source ipset="Systemadministration" service name="http" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule source ipset="Systemadministration" service name="https" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source address="192.168.1.50" port port="5432" protocol="udp" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source address="192.168.1.50" port port="5432" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source address="192.168.1.50" port port="3306" protocol="udp" accept'
sudo firewall-cmd --permanent --zone=dmz --add-rich-rule='rule family="ipv4" source address="192.168.1.50" port port="3306" protocol="tcp" accept'
sudo firewall-cmd --reload