Hello,

I am trying to block all kinds (TCP/UDP/ICMP and so on) of network traffic from/to a specific IP address, and I have used the IP 4.2.2.1 as a test. My firewall-cmd --list-all shows:

root@summersnow # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp4s0
  sources:
  services: dhcpv6-client
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
rule family="ipv4" destination address="4.2.2.1" drop
rule family="ipv4" source address="4.2.2.1" drop
rule family="ipv4" source address="4.2.2.1" reject
rule family="ipv4" destination address="4.2.2.1" reject

However, I can confirm that I can still receive DNS responses from it by running:
root@summersnow # nslookup twitter.com 4.2.2.1
Server:		4.2.2.1
Address:	4.2.2.1#53

Non-authoritative answer:
Name:	twitter.com
Address: 104.244.42.65
Name:	twitter.com
Address: 104.244.42.129

The rich rules above do not seem to be working properly. Any ideas?
Thanks,
HanatoK