Blocking IP addresses using Firewalld RHEL 7.0


Is there a way to block a specific IP address in firewalld?

I know it can be done in iptables, however I would like to use the firewalld service.

Guy Rich


I'm getting up to speed myself, so - please keep that in mind ;-)

From what I can gather, this activity is considered a "rich-rule"

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='' reject"

Check here (Under "Actions"):

Thanks very much, it seems simple enough.


Hello, see also Configuring Complex Firewall Rules with the "Rich Language" Syntax in the Red Hat Enterprise Linux Security Guide.

Just to add a side question... Can you add the IP or range to the "blocked" or "drop" firewalld zone? No, because interfaces are not active on those zones.

Great info, thanks for sharing!

I just added the following to the drop zone and it worked without any issue:

firewall-cmd --zone=drop --add-source=x.x.x.x/xx

Replace x.x.x.x with the IP, and you can add the subnet under /xx.
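
The two approaches from this thread, as an added example that is not part of any post above and is not Red Hat's code: it validates the source address before placing it in a rule, then prints the commands with --permanent and a reload, since firewall-cmd without --permanent changes only the running configuration. The function names, the script name block-ip.sh and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not run, the firewalld
# commands discussed above for a validated IPv4 source.

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
# Anything else (quotes, spaces, names) is refused before it reaches a rule.
valid_ipv4_cidr() (
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) exit 1 ;; esac
             [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || exit 1 ;;
    esac
    case $addr in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr                      # split on dots; addr is digits and dots only
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*) exit 1 ;; esac   # leading zeros are ambiguous
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# block_cmds MODE SOURCE
#   reject: rich rule, the sender gets an error back
#   drop:   source bound to the drop zone, packets are discarded silently
# --permanent writes the stored configuration, so --reload is needed to apply it.
block_cmds() (
    mode=$1 src=$2
    valid_ipv4_cidr "$src" || { echo "invalid IPv4 source: $src" >&2; exit 2; }
    case $mode in
        reject) add="--add-rich-rule=\"rule family='ipv4' source address='$src' reject\""
                check="--list-rich-rules" ;;
        drop)   add="--zone=drop --add-source=$src"
                check="--zone=drop --list-sources" ;;
        *)      echo "mode must be reject or drop" >&2; exit 2 ;;
    esac
    printf 'firewall-cmd --permanent %s\n' "$add"
    printf 'firewall-cmd --reload\n'
    printf 'firewall-cmd %s\n' "$check"
)

# Usage: sh block-ip.sh drop 198.51.100.0/24   (review the output, then run as root)
if [ $# -eq 2 ]; then block_cmds "$1" "$2"; fi
```

The last printed command lists the zone sources or rich rules, so the block can be confirmed after the reload.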
