From ba46a5e80f2793156d92abac0bf37c7725bed3b3 Mon Sep 17 00:00:00 2001
From: mico
Date: Wed, 26 Nov 2025 18:00:37 +0100
Subject: [PATCH] Updates on setup & firewall

---
 00_setup.md | 5 +++--
 02_firewall.md | 6 ++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/00_setup.md b/00_setup.md
index be27ad9..6f377db 100644
--- a/00_setup.md
+++ b/00_setup.md
@@ -13,7 +13,8 @@ dnf update -y && dnf upgrade -y
 Then install the neccessary packages
 
 ```sh
-dnf install -y epel-release firewalld bind-utils git fail2ban neovim
+dnf install -y epel-release firewalld bind-utils git
+dnf install -y fail2ban neovim
 ```
 
 `epel-release` is neccessary to get fail2ban and some later dependencies
@@ -78,7 +79,7 @@ usermod -aG wheel admin # Give elevated (sudo) privileges to the user
 Switch to `admin` account
 
 ```sh
-su -i admin
+su - admin
 ```
 
 Create files and paste your public key
diff --git a/02_firewall.md b/02_firewall.md
index 2052ee5..302a607 100644
--- a/02_firewall.md
+++ b/02_firewall.md
@@ -48,8 +48,9 @@ sudo firewall-cmd --set-default-zone=public
 Then open the relevant ports and reload the firewall
 
 ```sh
-sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
-sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
+sudo firewall-cmd --permanent --zone=public --add-port=22/tcp # SSH
+sudo firewall-cmd --permanent --zone=public --add-port=80/tcp # HTTP
+sudo firewall-cmd --permanent --zone=public --add-port=443/tcp # HTTPS
 sudo firewall-cmd --reload
 ```
 
@@ -58,6 +59,7 @@ OR
 You can also open "services", these are just aliases for port/protocol pairing (aka service=http is equal to port 80/tcp)
 
 ```sh
+sudo firewall-cmd --permanent --zone=public --add-service=ssh
 sudo firewall-cmd --permanent --zone=public --add-service=http
 sudo firewall-cmd --permanent --zone=public --add-service=https
 sudo firewall-cmd --reload