What is the best way to reject an IP address on a CentOS Linux 7 server? What is the difference between DROP and REJECT? How can I reject an IP address using the iptables command?

If you want to give a message like “connection refused”, use the REJECT target.

iptables IP reject example

sudo iptables -A INPUT -s -j REJECT
sudo iptables -A INPUT -s -j REJECT

iptables drop an IP address example

sudo iptables -A INPUT -s -j DROP
sudo iptables -A INPUT -s -j DROP

CentOS Linux 7 firewall-cmd reject or drop rule

firewall-cmd has different syntax:

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='' reject"
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='' drop"
sudo firewall-cmd --zone=drop --add-source=

See Configuring Complex Firewall Rules with the “Rich Language” Syntax


Interesting post about the difference between Drop and Reject
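The following is an added example, not part of the original post: a POSIX shell helper that validates the source address and prints the block command in either the iptables or the firewall-cmd form shown above, so the rule can be reviewed before it is run as root. The function names `valid_ipv4` and `block_cmd` and the file name `block.sh` are hypothetical, and the 192.0.2.x addresses are constructed sample input from the documentation range.

```shell
#!/bin/sh
# Added example (not from the original post). valid_ipv4 and block_cmd are
# hypothetical helper names; 192.0.2.0/24 is a documentation range (RFC 5737).

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet do
        # Leading zeros are refused: some parsers read them as octal.
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the command that blocks source $3 with target $2 (REJECT or DROP)
# through backend $1 (iptables or firewalld). Nothing is executed here, so
# the rule can be reviewed before it is run as root.
block_cmd() {
    backend=$1 target=$2 src=$3
    case $target in
        REJECT|DROP) ;;
        *) echo "target must be REJECT or DROP" >&2; return 2 ;;
    esac
    valid_ipv4 "$src" || { echo "invalid IPv4 source: $src" >&2; return 2; }
    case $backend in
        iptables)
            # -C tests for an identical rule, so a re-run does not append a duplicate.
            printf 'iptables -C INPUT -s %s -j %s 2>/dev/null || iptables -A INPUT -s %s -j %s\n' \
                "$src" "$target" "$src" "$target" ;;
        firewalld)
            action=$(printf '%s' "$target" | tr 'A-Z' 'a-z')
            # --permanent only writes the saved configuration; --reload activates it.
            printf "firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='%s' %s\" && firewall-cmd --reload\n" \
                "$src" "$action" ;;
        *) echo "backend must be iptables or firewalld" >&2; return 2 ;;
    esac
}

# Usage: sh block.sh iptables DROP 192.0.2.10
if [ $# -eq 3 ]; then block_cmd "$@"; fi
```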

