Oct 30, 2017

Open port for a specific IP address with firewall-cmd

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'

Check the zone file later to inspect the XML configuration

cat /etc/firewalld/zones/public.xml  

Reload the firewall

firewall-cmd --reload

Or use a separate zone that is restricted to specific source addresses:

firewall-cmd --zone=internal --add-service=ssh
firewall-cmd --zone=internal --add-source=192.168.8.105/32
firewall-cmd --zone=internal --add-source=192.168.8.120/32
firewall-cmd --zone=public --remove-service=ssh

The result of this will be an "internal" zone which permits access to ssh, but only from the two given IP addresses.

To make it persistent, re-run each command with --permanent appended.
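
To go with the "check the zone file" step, here is an added example (not part of the original note) that reads a zone XML file and reports which source addresses can reach each opened service or port. The two XML samples are constructed, and the function names are made up for this example. It assumes a zone with no source entries is reached through an interface, that is, from any address.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /etc/firewalld/zones/public.xml after the rich rule was
# added; the bare 8080 entry is made up here to show an unrestricted port.
PUBLIC_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="8080"/>
  <rule family="ipv4">
    <source address="1.2.3.4/32"/>
    <port protocol="tcp" port="4567"/>
    <accept/>
  </rule>
</zone>
"""

# Constructed sample of internal.xml after the --add-source/--add-service commands.
INTERNAL_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address="192.168.8.105/32"/>
  <source address="192.168.8.120/32"/>
  <service name="ssh"/>
</zone>
"""

def exposure(zone_xml):
    """Map each opened service or port to the sources allowed to reach it."""
    zone = ET.fromstring(zone_xml)
    # Zone-level <source> entries bind the zone to those addresses. With none,
    # assume the zone is reached through an interface, i.e. from any address.
    zone_sources = [s.get("address") for s in zone.findall("source")] or ["any"]
    result = {}
    for item in zone.findall("service") + zone.findall("port"):
        result[label(item)] = zone_sources
    for rule in zone.findall("rule"):
        if rule.find("accept") is None:
            continue  # only accept rules open anything
        src = rule.find("source")
        allowed = [src.get("address", "non-address source")] if src is not None else zone_sources
        for item in rule.findall("service") + rule.findall("port"):
            result[label(item)] = allowed
    return result

def label(item):
    """'service:ssh' for a <service>, '4567/tcp' for a <port>."""
    if item.tag == "service":
        return "service:" + item.get("name")
    return item.get("port") + "/" + item.get("protocol")
```

Anything reported as reachable from "any" is open to every address that lands in that zone. On a real host, pass the contents of the zone file to exposure() instead of the samples.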