Lockdown firewalld based on IP but for only a single port
I'm wanting firewalld to allow HTTP & SSH connections from any host, but to whitelist access to ~6 IPs for one particular port (memcached on TCP Port 1270). Online there seem to be two approaches for this - one is to introduce a new zone completely, and another is to add a rich-rule. I'm confused as to which is the best way to go.
Also, is it possible to add multiple IPs (not a range, i.e. multiple /32 addresses) using a single rich-rule ? If so, how do you go about this ? The only examples I can find have a single IP specified in "source address"