Strengthen the Default Ruleset

firewall-cmd --permanent --add-port=port_number/tcp

firewall-cmd --permanent --add-service=service_name

DefaultZone=drop

sudo firewall-cmd --permanent --zone=trusted --add-rich-rule='rule family=ipv4 source address="127.0.0.1" destination not address="127.0.0.1" drop'
sudo firewall-cmd --permanent --zone=trusted --add-rich-rule='rule family=ipv6 source address="::1" destination not address="::1" drop'

firewall-cmd --reload

sudo firewall-cmd --permanent --zone=trusted --add-interface=lo

firewall-cmd --reload