Syntax to block an IP address under Linux using iptables:

iptables -A INPUT -s <IP-ADDRESS> -j DROP

Replace <IP-ADDRESS> with the IP address you would like blocked.

  • For example, if you wish to block IP address

iptables -A INPUT -s <IP-ADDRESS> -j DROP

  • If you just want to block access to one port from IP, say, port 22:

iptables -A INPUT -s <IP-ADDRESS> -p tcp --destination-port 22 -j DROP

Listing iptables rules by specification

To list out all of the active iptables rules by specification, run the iptables command with the -S option:

iptables -S

List Rules as Tables

Listing the iptables rules in the table view can be useful for comparing different rules against each other.

  • To output all of the active iptables rules in a table, run the iptables command with the -L option:
    iptables -L

List existing chains with line number

To list the rules of a specific chain (INPUT, OUTPUT, TCP, etc.), you can specify the chain name directly after the -L option.

iptables -L INPUT -n --line-numbers

tyler@tylermade:~# iptables -L INPUT -n --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 f2b-wordpress-hard tcp -- multiport dports 80,443
2 f2b-wordpress-soft tcp -- multiport dports 80,443
3 f2b-sshd tcp -- multiport dports 22
4 ufw-before-logging-input all --
5 ufw-before-input all --
6 ufw-after-input all --
7 ufw-after-logging-input all --
8 ufw-reject-input all --
9 ufw-track-input all --
10 DROP all --


Unblock / Delete an IP Address

So now that you’ve blocked an IP address, what do you do if you want to remove the block?

We have two ways:

  • You can list the rules by number and delete the line by number

iptables -D INPUT 10

  • Or you can specify to reverse the DROP rule we just created:

iptables -D INPUT -s <IP-ADDRESS> -j DROP
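
When several rules match one address, deleting by number needs care because the remaining rules are renumbered after each delete; the following added example (not from the original post) finds every DROP rule for one source in the `--line-numbers` listing and deletes from the highest number down. The function names, the `IPTABLES` override and the sample listing (documentation-range addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
2    DROP       all  --  192.0.2.10           0.0.0.0/0
3    DROP       tcp  --  198.51.100.7         0.0.0.0/0            tcp dpt:22
4    DROP       tcp  --  192.0.2.10           0.0.0.0/0            tcp dpt:22
5    DROP       all  --  192.0.2.100          0.0.0.0/0'

# drop_rule_numbers IP
# Reads a --line-numbers listing on stdin and prints the numbers of every
# DROP rule whose source is exactly IP (port-specific rules included),
# highest first, so each delete leaves the remaining numbers valid.
drop_rule_numbers() {
    awk -v ip="$1" '
        $1 ~ /^[0-9]+$/ && $2 == "DROP" && ($5 == ip || $5 == ip "/32") { print $1 }
    ' | sort -rn
}

# unblock_ip IP
# Deletes every matching rule from INPUT. Set IPTABLES to another command
# (hypothetical override) to dry-run without touching the firewall.
unblock_ip() {
    ip=$1
    case $ip in
        ""|*[!0-9.]*)   # coarse check: digits and dots only
            echo "not an IPv4 address: $ip" >&2
            return 2 ;;
    esac
    "${IPTABLES:-iptables}" -L INPUT -n --line-numbers |
        drop_rule_numbers "$ip" |
        while read -r n; do
            "${IPTABLES:-iptables}" -D INPUT "$n" || return 1
        done
}

# Demo on the constructed listing: prints 4 then 2.
printf '%s\n' "$SAMPLE_LISTING" | drop_rule_numbers 192.0.2.10
```

The exact match on the source column keeps 192.0.2.100 from being removed when 192.0.2.10 is unblocked.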

