I would like to COMPLETELY block a specific IP address using iptables.
I found this one:
Will this work?
How do I undo the changes later?

First: I'd suggest "DROP" rather than "REJECT". With "REJECT" you're sending a response back whereas with "DROP" you're simply discarding the traffic so it has less impact on your system and also doesn't tell the sender what is happening.

Secondly: Depending on how iptables is configured for your distro there might additional considerations.
-You might have different chains/rulesets so might need to specify which one to put the new rule in.
-You might have rules at the end of your chain/ruleset that is a catchall that should stay at the end. In that case you'd want to use -I to insert rather than -A to append.

Run "iptables -L" to see what your current configuration is. (Make sure iptables is actually running - if you see only 3 rules then it may be a sign it isn't.)

Also be sure to use iptables-save to save your rules to whatever iptables copy is used at reboot so the rules get reloaded at boot.

1 members found this post helpful.

Also, get rid of the TCP match:To delete the rule just use -D instead of -I, like: