So, you’ve got a couple of obvious options. One would be to setup iptables (more flexible and, I think, more useful, on servers, but also more complicated), the other would be to start firewalld. Webmin has a module for either; there’s also a CSF module for Webmin, but that may be overkill for your needs. I usually use iptables, because I know it really well, and it is flexible and powerful enough for everything I need.
Firewalld is the new management service used, by default, in CentOS 7 and recent versions of Fedora. It is integrated with systemd, which allows it to dynamically apply rules based on what’s running, and the network your system is connected to (e.g. if you have a wired network at work and a wifi network at home, the firewall can act differently in either case). But, for servers, the additional features are pretty much extraneous and may even get in the way. For a server, you mostly just want to say, “Open these ports, and leave them open forever, because I have services running on them.”
I’m surprised firewalld isn’t already running; I though it was on by default on a CentOS 7 system. The fact that it’s not running might mean it didn’t get new rules added when Virtualmin was installed. Our installation detects which firewall you have (whether iptables or firewalld on CentOS) and inserts the rules in needs for all of the services it manages. You can, of course, customize those rules at any time in the Linux Firewall or Firewalld module.
Here’s a good post about iptables on CentOS 7, if you want to go with iptables:
If you wan to use firewalld, just restart the firewalld service. Webmin should then let you edit the rules normally.
Anyway, when turning on a firewall for the first time, you should make sure it’s not going to lock you out; at the very least, make sure the starting rules are going to allow you to login via ssh, so you can fix it if anything goes wrong.