The following command will drop any packet coming from the IP address 1.2.3.4:
/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP
You can also specify an interface such as eth1 via which a packet was received:
/sbin/iptables -I INPUT -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -i eth1 -s 1.2.3.4 -j DROP
Please note that when the “!” argument is used before the interface name, the sense is inverted:
/sbin/iptables -I INPUT ! -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT ! -i eth1 -s 1.2.3.4 -j DROP
If the interface name ends in a “+”, then any interface which begins with this name will match. If this option is omitted, any interface name will match:
/sbin/iptables -I INPUT -i {INTERFACE-NAME-HERE}+ -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -i br+ -s 1.2.3.4 -j DROP
You can replace -I INPUT (insert) with -A INPUT (append) rule as follows:
/sbin/iptables -A INPUT -s 1.2.3.4 -j DROP /sbin/iptables -i eth1 -A INPUT -s 1.2.3.4 -j DROP
How Do I Block Subnet (xx.yy.zz.ww/ss)?
Use the following syntax to block 10.0.0.0/8 on eth1 public interface: # /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP
How Do I Block and Log Dropped IP Address Information?
You can turn on kernel logging of matching packets with LOG target as follows:
# /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "IP DROP SPOOF A:"
