Block IP address using Dynamic Firewall Manager.
Use the drop zone to block a network subnet.
$ sudo firewall-cmd --zone=drop --add-source=192.168.0.0/16
success
Use the drop zone to block multiple IP addresses.
$ sudo firewall-cmd --zone=drop --add-source=172.16.0.2 --add-source=172.16.0.3
success
Display dropped IP addresses.
$ sudo firewall-cmd --list-sources --zone drop
192.168.0.0/16 172.16.0.2 172.16.0.3
$ sudo firewall-cmd --get-active-zones
drop
  sources: 192.168.0.0/16 172.16.0.2 172.16.0.3
external
  interfaces: eth0
internal
  interfaces: eth1
Make configuration permanent.
$ sudo firewall-cmd --runtime-to-permanent
success
Beware: adding a source to the drop zone only blocks new connections. Existing connections will not be dropped.
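
To see which already-established connections survive the block, the following added example (not part of the original page) matches established TCP peers against the drop-zone sources. The function names are hypothetical, the sample connections are constructed, and only IPv4 sources are handled.

```shell
#!/bin/sh
# Added example: list established TCP peers that fall inside drop-zone sources.
# Function names are hypothetical; IPv4 only (other source types are skipped).

ip_to_int() {  # dotted-quad IPv4 -> integer, non-zero exit for anything else
    case "$1" in
        *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_source() {  # $1 = IPv4 address, $2 = source entry (address or CIDR)
    addr=$(ip_to_int "$1") || return 1
    case "$2" in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    net=$(ip_to_int "$net") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

surviving_peers() {  # $1 = space-separated sources; stdin = ss lines
    # Assumes the column layout of `ss -Htn state established`:
    # Recv-Q Send-Q Local:Port Peer:Port
    while read -r _ _ _ peer _; do
        ip=${peer%:*}
        for src in $1; do
            if in_source "$ip" "$src"; then echo "$ip"; break; fi
        done
    done | sort -u
}

# Constructed sample data: the sources from the page plus made-up connections.
SAMPLE_SOURCES="192.168.0.0/16 172.16.0.2 172.16.0.3"
SAMPLE_SS='0 0 10.0.0.5:22 172.16.0.2:51234
0 0 10.0.0.5:443 192.168.44.7:40112
0 0 10.0.0.5:443 203.0.113.9:55001
0 0 10.0.0.5:22 172.16.0.4:51300'

printf '%s\n' "$SAMPLE_SS" | surviving_peers "$SAMPLE_SOURCES"
```

On a host, pipe `ss -Htn state established` into `surviving_peers` with the output of `firewall-cmd --zone=drop --list-sources` as its argument. Any address printed still has a live connection that predates the block.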