
I am having a problem with dropping traffic using FirewallD.

I start a continuous ping from host1.example.com (192.0.2.101) to host2.example.com (192.0.2.102), and when I execute either of the below commands on host2:

firewall-cmd -q --permanent --add-rich-rule="rule family='ipv4' source address=192.0.2.102 reject"

or

firewall-cmd --permanent --zone=drop --add-source=192.0.2.102

then reload the firewall using one of the below commands:

firewall-cmd --reload
firewall-cmd --complete-reload
systemctl restart firewalld

the continuous ping started from host1 to host2 does not drop. The only time FirewallD on host2 will drop ICMP traffic from host1 is when I kill the ping process and restart it.

I believe I am having the same issue as discussed in "Why firewalld doesn't apply my drop rule?"; however, none of those answers were able to help me resolve my issue.

Sasha