Question: How tp add a rule using firewall-cmd to drop/reject specific IP connecting to the server? This can be used as an added security on the server.

firewall-cmd is the most common method of managing firewalld configurations (both running as well as permanent). This tool is a part of the firewalld package.

1. Create new rule to drop specific IP connecting on the server.

# firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address="xx.xx.xx.xx/xx" drop"

2. Reload firewall-cmd

3. Check new rules.

# firewall-cmd --list-all

Remove the Rule

To remove new created rule:

# firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address="xx.xx.xx.xx/xx" drop"