Centos – How to block an ip range in Firewalld

Eventually I find the remove command only work at one-time due to the rules are recorded in the direct.xml

Thus, the solution is easy, edit the direct.xml and comment the corresponded lines or jsut delet them.

You have set the permanent firewalld configuration, but you did not change the actual running configuration.

You should not use --permanent in any firewall-cmd commands, because you may lock yourself out of the system if you make a mistake. Instead, you should execute the same command without --permanent, which causes it to take effect immediately but not persist, and then when you are sure the rules work properly, you can save them with firewall-cmd --runtime-to-permanent.