Question: How to add a rule using firewall-cmd to drop/reject a specific IP connecting to the server? This can be used as an added layer of security on the server.
firewall-cmd is the most common way to manage firewalld configuration, both runtime and permanent. The tool is part of the firewalld package.
- Create a new rule to drop connections from a specific IP to the server.
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xx.xx.xx.xx/xx' drop"
- Reload firewalld so the permanent rule is applied.
firewall-cmd --reload
- Check the new rule.
firewall-cmd --list-all
Remove the Rule
To remove the newly created rule:
firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='xx.xx.xx.xx/xx' drop"
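The add, reload, check and remove steps above combined into one shell helper, as an added example that is not part of the original page. The function names (valid_ipv4_cidr, build_rich_rule, block_ip) are hypothetical, and the helper acts on the default zone, as the commands above do. It validates the address before placing it inside the quoted rich rule, which matters when the IP comes from a log or another script, and it accepts reject as well as drop.

```shell
# Added example: block or unblock one IPv4 source with a firewalld rich rule.
# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rich rule for source $1 and action $2 (drop or reject).
build_rich_rule() {
    valid_ipv4_cidr "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    case $2 in
        drop|reject) ;;
        *) echo "action must be drop or reject" >&2; return 1 ;;
    esac
    printf "rule family='ipv4' source address='%s' %s\n" "$1" "$2"
}

# block_ip add|remove ADDRESS [drop|reject]: change the permanent config,
# reload, then confirm the running firewall matches what was requested.
block_ip() {
    rule=$(build_rich_rule "$2" "${3:-drop}") || return 1
    case $1 in
        add)    firewall-cmd --permanent --add-rich-rule="$rule" || return 1 ;;
        remove) firewall-cmd --permanent --remove-rich-rule="$rule" || return 1 ;;
        *)      echo "usage: block_ip add|remove ADDRESS [drop|reject]" >&2; return 1 ;;
    esac
    firewall-cmd --reload || return 1
    if firewall-cmd --query-rich-rule="$rule" >/dev/null; then state=present; else state=absent; fi
    echo "rule is $state in the running configuration: $rule"
    case "$1:$state" in add:present|remove:absent) return 0 ;; *) return 1 ;; esac
}

# Example call (constructed address from a documentation range):
#   block_ip add 203.0.113.7/32 drop
```

Because both the add and the remove are made with --permanent, the helper reloads after either one so the running firewall matches the saved configuration.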