Old 06-03-2009, 09:17 AM   #1
LQ Newbie
Registered: Jun 2009
Posts: 2

Rep: Reputation: 0
Difference between iptables and /sbin/route

What is the difference between iptables and /sbin/route?
Which one is used for what purpose?
I see that both can be used to block an IP from reaching your host.

Old 06-03-2009, 09:43 AM   #2
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Rep: Reputation: 38
From man pages...

iptables - administration tool for IPv4 packet filtering and NAT
route - show / manipulate the IP routing table
iptables is basically a firewall: it filters the packets routed through a box, or the packets to/from a box.
route manages the routing to/from networks/hosts.

Only iptables is used to block IPs.

For more...

$ man iptables
$ man route
Old 06-04-2009, 10:13 AM   #3
LQ Newbie
Registered: Jun 2009
Posts: 2

Original Poster
Rep: Reputation: 0
I read somewhere that you can block an IP using -

If you are being attacked or abused by a particular host, just enter the following command to deny all access to the host:

/sbin/route add -host <ip address> reject

Replace <ip address> with the IP address of the host you want to block. The address will stay blocked until you bounce the interface. Alternatively, you could allow access by:

/sbin/route del -host <ip address> reject

Hence I'm still confused about whether I could use route to block an IP address or not.
It did block the IP I wanted to block... but I'm not sure if it is as secure as iptables.
Old 06-04-2009, 12:43 PM   #4
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
You can use either. route reject is more esoteric than iptables, but if it works for you then you can probably use it without worry.

I'm not sure what you mean exactly by "as secure". If you mean that you can use it with confidence that it will: 1) truly reject all packets from the given IP and 2) persist across other route table changes then it should be fine. If you're asking the general community which method is preferable, most will say iptables, as it's in wide use and is made for exactly these kinds of operations.

If you have more detailed security questions on the use of routing table rejects vs iptables, you might post them in the linux-security forum. From my observations, the linux-networking forum answers more the "how-to" of network security issues, the linux-security forum is better to answer the "why".
Old 06-05-2009, 03:25 AM   #5
Registered: Mar 2009
Posts: 249

Rep: Reputation: 27
Originally Posted by svittal
If you are being attacked or abused by a particular host, just enter the following command to deny all access to the host:

/sbin/route add -host <ip address> reject
That only blocks traffic from the IP address if RPF (reverse path filter) is enabled.
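
The dependency raised in post #5, as an added example that is not part of the original thread: a shell check of whether reverse path filtering is active on each interface, which decides whether a reject route also drops inbound packets from the host. The function names and the CONF_ROOT override are assumptions of this example; the max-of-all-and-interface rule is taken from the kernel's ip-sysctl documentation.

```shell
#!/bin/sh
# Added example: does "route add -host <ip address> reject" also drop
# INBOUND packets from that host? Per post #5 that depends on rp_filter.
# CONF_ROOT is overridable (assumption of this example) so the logic can
# be exercised against a constructed directory tree instead of live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the rp_filter value the kernel applies on an interface: the
# maximum of conf/all/rp_filter and conf/<iface>/rp_filter.
# 0 = no source validation, 1 = strict, 2 = loose.
effective_rp_filter() {
    iface="$1"
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$iface/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Succeeds when RPF is enabled on the interface, i.e. when packets whose
# source address has no usable return route are dropped on arrival.
reject_route_blocks_inbound() {
    [ "$(effective_rp_filter "$1")" -ne 0 ]
}

# Walk every real interface and say which blocking method is sufficient.
audit() {
    for dir in "$CONF_ROOT"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default|lo) continue ;; esac
        val=$(effective_rp_filter "$iface")
        if reject_route_blocks_inbound "$iface"; then
            echo "$iface: rp_filter=$val, reject route also drops inbound packets"
        else
            echo "$iface: rp_filter=$val, inbound packets still arrive;" \
                 "filter them with: iptables -I INPUT -s <ip address> -j DROP"
        fi
    done
}

# Run the audit only when asked to: sh thisfile.sh audit
case "${1:-}" in audit) audit ;; esac
```

Where the audit reports rp_filter=0, the reject route only stops the host's own replies to the blocked address, so an iptables rule on INPUT is what actually filters the incoming packets.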

