Enable and start firewalld

systemctl enable firewalld
systemctl start firewalld

Allow SSH (22)

 firewall-cmd --zone=public --add-service=ssh --permanent

Allow http (80)

 firewall-cmd --zone=public --add-service=http --permanent

Allow https (443)

firewall-cmd --zone=public --add-service=https --permanent

Allow smtp (25)

firewall-cmd --zone=public --add-service=smtp --permanent

Optionally allow MySQL

firewall-cmd --zone=public --add-port=3306/tcp --permanent

Browser not supported