Comments 6 Posted In Red Hat Enterprise Linux Tags configuration Blocking IP addresses using Firewalld rhel 7.0 Latest response 2017-09-28T20:48:25+00:00 Is there a way to block a specific ip address in firewalld ? I know it can be done in iptables, however I would like to use the firewalld service. Started 2015-02-05T19:38:00+00:00 by 2URedRiver Active Contributor 265 points Log in to join the conversation Responses Sort By Oldest Sort By Newest Guru 6863 points 5 February 2015 7:47 PM firstname.lastname@example.org Community Leader I'm getting up to speed myself, so - please keep that in mind ;-) From what I can gather, this activity is considered a "rich-rule" http://fedoraproject.org/wiki/Features/FirewalldRichLanguage#Handle_rich_rules_with_the_command_line_client firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.0.11' reject" Check here (Under "Actions"): http://fedoraproject.org/wiki/Features/FirewalldRichLanguage Active Contributor 265 points 5 February 2015 9:17 PM 2URedRiver Thanks very much it seems simple enough. Guy SW Red Hat Guru 3862 points 6 February 2015 12:17 PM Stephen Wadeley Hello, see also Configuring Complex Firewall Rules with the "Rich Language" Syntax in the Red Hat Enterprise Linux Security Guide. Red Hat Active Contributor 225 points 4 May 2017 8:26 PM Albert Wong Just to add a side question.... Can you add the ip or range to the "blocked" or "drop" firewalld zone? No because interfaces are not active on those zones. Active Contributor 232 points 26 May 2017 1:13 PM Chris Scarff Great info, thanks for sharing! VR Newbie 7 points 28 September 2017 8:48 PM V R I just added the following to the drop zone and it worked without any issue: firewall-cmd --zone=drop --add-source=x.x.x.x/xx replace x.x.x.x with the IP and you can add the subnet under /xx Close Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.