Newer versions of checkmk-agent for linux started to use systemd instead of xinetd to spawn the agent. So you loose the ability to limit access through a simple config file.
My Solution was with a rule in firewalld. You have to use a rich rule. Sadly thats not as easy as the usual firewalld stuff…
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="220.127.116.11/32" port protocol="tcp" port=6556 accept'
Afterwards simply restart firewalld or reload rules.