Blocking IP addresses using Firewalld RHEL 7.0


Is there a way to block a specific IP address in firewalld?

I know it can be done in iptables, however I would like to use the firewalld service.


I'm getting up to speed myself, so - please keep that in mind ;-)

From what I can gather, this activity is considered a "rich-rule"

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='' reject"

Check here (Under "Actions"):

Thanks very much, it seems simple enough.


Hello, see also Configuring Complex Firewall Rules with the "Rich Language" Syntax in the Red Hat Enterprise Linux Security Guide.

Just to add a side question... Can you add the IP or range to the "blocked" or "drop" firewalld zone? No, because interfaces are not active on those zones.

Great info, thanks for sharing!

I just added the following to the drop zone and it worked without any issue:

firewall-cmd --zone=drop --add-source=x.x.x.x/xx

Replace x.x.x.x with the IP, and you can add the subnet under /xx.
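
As an added example (not part of the thread and not Red Hat's code), the script below validates an IPv4 address or CIDR before it reaches firewall-cmd and then builds the drop-zone block from the post above. It goes a step beyond the post by using --permanent with --reload so the block survives a reload. The function names and the DRY_RUN variable are hypothetical, and the commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses used with it are constructed.

# valid_ipv4_cidr ADDR: succeed only for a.b.c.d or a.b.c.d/N with N in 0..32
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in
        ''|*[!0-9]*|???*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split into octets (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;      # leading zero (ambiguous) or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# block_cmds ADDR: print the firewall-cmd sequence for a persistent block
block_cmds() {
    valid_ipv4_cidr "$1" || { echo "invalid IPv4 address/CIDR: $1" >&2; return 2; }
    # --permanent writes the config; --reload loads it into the running firewall
    echo "firewall-cmd --permanent --zone=drop --add-source=$1"
    echo "firewall-cmd --reload"
    echo "firewall-cmd --zone=drop --list-sources"   # verify the binding
}

# block_source ADDR: show the commands; execute them only when DRY_RUN=0
block_source() {
    cmds=$(block_cmds "$1") || return $?
    echo "$cmds"
    [ "${DRY_RUN:-1}" = 0 ] || return 0
    echo "$cmds" | while IFS= read -r c; do $c || exit 1; done
}

if [ "$#" -gt 0 ]; then block_source "$1"; fi
```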

