LinuxQuestions.org

Difference between iptables and /sbin/route (https://www.linuxquestions.org/questions/linux-networking-3/difference-between-iptables-and-sbin-route-730403/)

svittal 06-03-2009 09:17 AM

Difference between iptables and /sbin/route
 
What is the difference between iptables and /sbin/route?
Which one is used for what purpose?
I see that both can be used to block an IP from reaching your host.

Thanks

barghota 06-03-2009 09:43 AM

From the man pages...

Quote:

iptables - administration tool for IPv4 packet filtering and NAT

Quote:

route - show / manipulate the IP routing table

iptables is basically a firewall: it filters the packets routed through a box, or the packets to/from a box.
route manages the routes to/from networks/hosts.

Only iptables is used to block IPs.

For more...

Quote:

$ man iptables
$ man route

svittal 06-04-2009 10:13 AM

I read somewhere that you can block an IP using the following:

If you are being attacked or abused by a particular host, just enter the following command to deny all access to the host:

/sbin/route add -host <ip address> reject

Replace with the IP address of the host you want to block. The address will stay blocked until you bounce the interface. Alternatively, you could allow access by:

/sbin/route del -host <ip address> reject


Hence I'm still confused whether I can use route to block an IP address or not.
It did block the IP I wanted to block... but I'm not sure if it is as secure as iptables.

grepmasterd 06-04-2009 12:43 PM

You can use either. route reject is more esoteric than iptables, but if it works for you then you can probably use it without worry.

I'm not sure what you mean exactly by "as secure". If you mean that you can use it with confidence that it will: 1) truly reject all packets from the given IP and 2) persist across other route table changes then it should be fine. If you're asking the general community which method is preferable, most will say iptables, as it's in wide use and is made for exactly these kinds of operations.

If you have more detailed security questions on the use of routing table rejects vs iptables, you might post them in the linux-security forum. From my observations, the linux-networking forum tends to answer the "how-to" of network security issues, while the linux-security forum is better at answering the "why".

TimothyEBaldwin 06-05-2009 03:25 AM

Quote:

Originally Posted by svittal (Post 3563022)
If you are being attacked or abused by a particular host, just enter the following command to deny all access to the host:

/sbin/route add -host <ip address> reject

That only blocks traffic from the IP address if RPF (reverse path filter) is enabled.
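Added example, not from any poster in the thread: a small POSIX shell script that spells out the reverse-path-filter caveat above. It maps the kernel's rp_filter setting to whether a reject route also stops inbound packets, and prints the equivalent iptables rule that blocks inbound traffic regardless of RPF. The address 203.0.113.7 is a constructed placeholder; nothing here changes the routing table or firewall.

```shell
#!/bin/sh
# Constructed example: contrast "route add -host X reject" with iptables.
# A reject route always stops packets *to* X (the kernel has no usable route).
# It stops packets *from* X only when reverse-path filtering looks up the
# source address, finds the reject route, and drops the packet.

# rp_filter value -> does a reject route also stop inbound traffic from X?
# 0 = off, 1 = strict, 2 = loose. Both nonzero modes consult the routing
# table for the source address, which the reject route marks unreachable.
rpf_blocks_inbound() {
    case "$1" in
        0)   return 1 ;;  # RPF off: inbound packets from X still arrive
        1|2) return 0 ;;  # RPF on: source lookup hits the reject route, dropped
        *)   return 2 ;;  # unexpected value
    esac
}

# Kernel-wide rp_filter setting (per-interface values may be stricter).
# Falls back to 0 when /proc is unavailable, e.g. when run off-box.
current_rp_filter() {
    cat /proc/sys/net/ipv4/conf/all/rp_filter 2>/dev/null || echo 0
}

# The command each method would use to block a single IPv4 host.
route_cmd()    { printf '/sbin/route add -host %s reject\n' "$1"; }
iptables_cmd() { printf 'iptables -I INPUT -s %s -j DROP\n' "$1"; }

# Describe what the routing-table method achieves for host $1 given rp_filter $2.
explain_block() {
    ip="$1"; rpf="$2"
    if rpf_blocks_inbound "$rpf"; then
        printf '%s  -> blocks traffic to and from %s (rp_filter=%s)\n' \
            "$(route_cmd "$ip")" "$ip" "$rpf"
    else
        printf '%s  -> blocks traffic to %s only; inbound still arrives (rp_filter=%s)\n' \
            "$(route_cmd "$ip")" "$ip" "$rpf"
        printf '%s  -> blocks inbound from %s regardless of rp_filter\n' \
            "$(iptables_cmd "$ip")" "$ip"
    fi
}

# Read-only usage; no root needed. 203.0.113.7 is a documentation-range placeholder.
explain_block 203.0.113.7 "$(current_rp_filter)"
```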