This is about how to drop incoming connection using firewalld on centos7.
First, check what zones your firewalld provides.
# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
This time I need drop zone and it is listed.
Now to list IP address which want to be dropped, run command:
# firewall-cmd --zone=drop --permanent --add-source=192.168.0.0/24
# firewall-cmd --reload
Do not forget to reload or the rule will not be loaded.
To confirm current setting, run command:
# firewall-cmd --get-active-zones
dmz
interfaces: eth1
drop
sources: 192.168.0.0/24
public
interfaces: eth0
And, to remove rules from drop zone, run command:
# firewall-cmd --zone=drop --permanent --remove-source=192.168.0.0/24
# firewall-cmd --reload