How to block IP address using Dynamic Firewall Manager

Block IP address using Dynamic Firewall Manager.

Use drop zone to block a network subnet.

$ sudo firewall-cmd --zone=drop --add-source=192.168.0.0/16

success

Use drop zone to block multiple IP addresses.

$ sudo firewall-cmd --zone=drop --add-source=172.16.0.2 --add-source=172.16.0.3

success

Display dropped IP addresses.

$ sudo firewall-cmd --list-sources --zone drop

192.168.0.0/16 172.16.0.2 172.16.0.3

$ sudo firewall-cmd --get-active-zones 

drop
  sources: 192.168.0.0/16 172.16.0.2 172.16.0.3
external
  interfaces: eth0
internal
  interfaces: eth1

Make configuration permanent.

$ sudo firewall-cmd --runtime-to-permanent

success

Beware, it will only block new connections. Existing connections will not be dropped.