All ingress and egress traffic is allowed to an AWS EC2 instance using Security Groups.

The goal is to manage traffic and ports using FirewallD.

I have only allowed certain ports in FirewallD, but I can still access services on ports that are not among the open ones.

Here is the output listing the publicly accessible services:

$ nmap -Pn <my-ip>
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-10-16 17:58 UTC
Nmap scan report for ec2-<my-ip>.*.compute.amazonaws.com (<my-ip>)
Host is up (0.57s latency).
Not shown: 992 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
5432/tcp  open  postgresql
8080/tcp  open  http-proxy
8081/tcp  open  blackice-icecap
8082/tcp  open  blackice-alerts
8083/tcp  open  us-srv
9090/tcp  open  zeus-admin
50000/tcp open  ibm-db2

And here is the output for the services and ports opened with FirewallD:

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp 8081/tcp 50000/tcp 8082/tcp 9980/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

What is missing in this setup to prevent access to port 8083 on the EC2 instance from the public internet?

Thank you.

--
Chintan Mishra
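As an added example (not part of the original post or an answer to it), the following script reconciles the two outputs pasted above: it parses the ports nmap reports as open and the ports the active firewalld zone permits, expands the named services into ports, and lists every port that is reachable from the internet without a matching firewalld entry. The sample inputs are copied from the question; the service-to-port mapping (ssh 22/tcp, cockpit 9090/tcp, dhcpv6-client 546/udp) is an assumption hard-coded for offline use, and on a real host it should be read from `firewall-cmd --info-service=<name>` instead.

```python
"""Cross-check nmap's externally visible open ports against what firewalld
says it permits, to spot ports that are reachable without a firewalld rule."""
import re

# Constructed sample input: the two command outputs pasted in the question.
NMAP_OUTPUT = """\
Host is up (0.57s latency).
Not shown: 992 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
5432/tcp  open  postgresql
8080/tcp  open  http-proxy
8081/tcp  open  blackice-icecap
8082/tcp  open  blackice-alerts
8083/tcp  open  us-srv
9090/tcp  open  zeus-admin
50000/tcp open  ibm-db2
"""

FIREWALLD_OUTPUT = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp 8081/tcp 50000/tcp 8082/tcp 9980/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
"""

# Assumed mapping for the named firewalld services; on a real host read it
# from `firewall-cmd --info-service=<name>` rather than hard-coding it.
SERVICE_PORTS = {
    "ssh": {"22/tcp"},
    "cockpit": {"9090/tcp"},
    "dhcpv6-client": {"546/udp"},
}

# Matches nmap port lines such as "8083/tcp  open  us-srv".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+\S+", re.M)


def port_key(entry):
    """Sort helper: order 'port/proto' strings numerically by port."""
    return int(entry.split("/")[0])


def nmap_open_ports(text):
    """Return the set of 'port/proto' entries nmap reported as open."""
    return {f"{port}/{proto}"
            for port, proto, state in PORT_LINE.findall(text)
            if state == "open"}


def firewalld_allowed_ports(text, service_ports=SERVICE_PORTS):
    """Return the 'port/proto' entries the zone permits, expanding services."""
    allowed = set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "ports":
            allowed.update(value.split())
        elif key == "services":
            for svc in value.split():
                allowed.update(service_ports.get(svc, set()))
    return allowed


def reconcile(nmap_text, firewalld_text, service_ports=SERVICE_PORTS):
    """Return (open but not permitted by firewalld, permitted but not seen open)."""
    seen = nmap_open_ports(nmap_text)
    allowed = firewalld_allowed_ports(firewalld_text, service_ports)
    return (sorted(seen - allowed, key=port_key),
            sorted(allowed - seen, key=port_key))


if __name__ == "__main__":
    unexpected, unused = reconcile(NMAP_OUTPUT, FIREWALLD_OUTPUT)
    print("Open from the internet but not in the firewalld zone:", unexpected)
    print("Allowed by firewalld but not seen open:", unused)
```

On the pasted data the first list is `['5432/tcp', '8083/tcp']`, so 5432/tcp is in the same situation as the 8083/tcp the question asks about. Two caveats when reading the second list: `nmap -Pn <ip>` with no `-p` option probes only the 1000 most common TCP ports (the 992 filtered plus 8 open above), so 9980/tcp is simply outside the scanned set, and a TCP scan never probes 546/udp at all. The script only tells you which ports disagree between the two views, not why.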