Block a specific IP address with firewall-cmd

Question: How to add a rule using firewall-cmd to drop/reject a specific IP connecting to the server? This can be used as an added security measure on the server.

firewall-cmd is the most common method of managing firewalld configurations (both the running and the permanent configuration). This tool is part of the firewalld package.

  1. Create a new rule to drop connections from a specific IP to the server.
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xx.xx.xx.xx/xx' drop"
  2. Reload firewalld so that the permanent rule takes effect.
firewall-cmd --reload
  3. Check the new rules.
firewall-cmd --list-all

Remove the Rule

To remove the newly created rule:

firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='xx.xx.xx.xx/xx' drop"
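
The add and remove steps above, wrapped as an added example that is not part of the original page. It validates the address before it is placed inside the quoted rich rule and confirms the rule is live after the reload. The function names (`valid_ipv4_cidr`, `drop_rule`, `block_ip`, `unblock_ip`) are hypothetical helpers, and refusing a `/0` prefix is a choice made for this example.

```sh
#!/bin/sh
# Added example: validate the source address, build the rich rule, apply it.

# valid_ipv4_cidr ADDR: succeeds for a.b.c.d or a.b.c.d/1..32 only.
valid_ipv4_cidr() {
    case $1 in
        */*) _addr=${1%/*}; _prefix=${1##*/} ;;
        *)   _addr=$1; _prefix=32 ;;
    esac
    # Digits and dots only, so quotes or spaces can never reach the rule string.
    case $_addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $_prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    # /0 is refused: it would drop all IPv4 traffic, including the admin session.
    [ "$_prefix" -ge 1 ] && [ "$_prefix" -le 32 ] || return 1
    _old_ifs=$IFS; IFS=.
    set -- $_addr            # split the address into its octets
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# drop_rule ADDR: prints the rich rule used on this page, or fails.
drop_rule() {
    valid_ipv4_cidr "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    printf "rule family='ipv4' source address='%s' drop" "$1"
}

# block_ip ADDR: add the permanent rule, activate it, confirm it is live.
block_ip() {
    _rule=$(drop_rule "$1") || return 1
    firewall-cmd --permanent --add-rich-rule="$_rule" || return 1
    firewall-cmd --reload || return 1
    # Exits 0 only if the rule is present in the runtime configuration.
    firewall-cmd --query-rich-rule="$_rule"
}

# unblock_ip ADDR: remove the permanent rule and reload so it stops applying.
unblock_ip() {
    _rule=$(drop_rule "$1") || return 1
    firewall-cmd --permanent --remove-rich-rule="$_rule" || return 1
    firewall-cmd --reload
}
```

Source the file as root and call, for example, `block_ip 203.0.113.7/32` (a documentation-range address used here as a constructed sample).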