>Stop it at the Edge Router not the machine. Fair enough, but now I have to manually scour the logs and maintain a dynamic block list? >Adding layers of security become problems like you are getting. I agree, and if my edge router had the functionality to inspect http requests I would:) >Ban the ip block with iptables. ? That's what fail2ban is setup to do, as the email suggested its not restoring bans correctly on restarts.