One note of warning:
PHP treats ' and " differently. Stuff inside ' quotes is not parsed by PHP, but stuff inside " is. You placed your $ip_address variable inside ' quotes, so the exec command executed by bash would have the literal text $ip_address in the command, rather than the substitution for 192.168.1.1 or whatever as you intended.
You have two options:
1. Use double quotes:
echo exec("iptables -A INPUT -s $ip_address -j DROP");
2. Use string concatenation:
echo exec('iptables -A INPUT -s ' . $ip_address . ' -j DROP');