Iptables reject IP address

What is the best way to reject an IP address on a CentOS Linux 7 server? What is the difference between DROP and REJECT? How can I reject an IP address using the iptables command?

If you want to give a message like “connection refused”, use the REJECT target.

iptables IP reject example

sudo iptables -A INPUT -s 192.168.1.100 -j REJECT
sudo iptables -A INPUT -s 208.1.2.3 -j REJECT

iptables drop an IP address example

sudo iptables -A INPUT -s 192.168.1.100 -j DROP
sudo iptables -A INPUT -s 208.1.2.3 -j DROP

CentOS Linux 7 firewall-cmd reject or drop rule

firewall-cmd has different syntax:

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='208.1.2.3' reject"
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.0.12' drop"
sudo firewall-cmd --zone=drop --add-source=202.54.1.0/24

See Configuring Complex Firewall Rules with the “Rich Language” Syntax

2 Likes
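
One way to script the rules from the post above when the address comes from a log or another program, as an added example that is not part of the original thread: the helper names `valid_ipv4_source` and `block_rule_cmds` are hypothetical, and the functions only print the command instead of running it. It assumes an `iptables -C` existence check before `-A` and a `firewall-cmd --reload` after `--permanent`, neither of which appears in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# valid_ipv4_source ADDR[/PREFIX]: succeed only for a strict dotted-quad source.
# Runs in a subshell, so the IFS change does not leak to the caller.
valid_ipv4_source() (
    src=$1
    addr=${src%%/*}
    if [ "$src" != "$addr" ]; then
        prefix=${src#*/}
        case $prefix in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
        [ "$prefix" -le 32 ] || exit 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        # Leading zeros are refused: some parsers read them as octal.
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# block_rule_cmds BACKEND ACTION SOURCE: print (do not run) the rule command.
block_rule_cmds() (
    backend=$1 action=$2 src=$3
    case $action in
        reject) target=REJECT ;;
        drop)   target=DROP ;;
        *) echo "action must be reject or drop" >&2; exit 2 ;;
    esac
    # Validate before the value is pasted into a quoted rich rule.
    valid_ipv4_source "$src" || { echo "bad IPv4 source: $src" >&2; exit 2; }
    case $backend in
        iptables)
            # -C checks for an identical rule, so a rerun adds no duplicate.
            echo "iptables -C INPUT -s $src -j $target 2>/dev/null || iptables -A INPUT -s $src -j $target" ;;
        firewalld)
            # --permanent edits saved config only; --reload makes it live.
            echo "firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='$src' $action\" && firewall-cmd --reload" ;;
        *) echo "backend must be iptables or firewalld" >&2; exit 2 ;;
    esac
)

# Constructed demo using addresses from the post; the last one is malformed.
block_rule_cmds iptables drop 192.168.1.100
block_rule_cmds firewalld reject 208.1.2.3
block_rule_cmds firewalld drop "192.168.0.12' accept" || echo "refused"
```

Review the printed command, then run it as root on the host that uses that backend.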

Interesting post about the difference between Drop and Reject
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

