On 9/8/2010 9:52 AM, Matthew Miller wrote:
> On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
>> Thanks, I'll try that.
>> I had heard of fail2ban, but was slightly put off by the strange name;
>> what exactly is the name meant to convey?
> "to" as in the sense of "moving to", or "converting to". Failures (login
> failures normally, but other errors or log patterns can be used) cause the
> triggering IP address to be banned. (Or another action to be taken.)
>
> This is excellent for preventing brute-force ssh attacks.
>

I've never used fail2ban, but from the wide community support, I'm sure it is more than just a viable option.

Not to discount any of the good advice given here, but I've had great successes with Advanced Policy Firewall (apf) [1] as a front-end to iptables, and an adjunct program, Brute Force Detection (bfd) [2]. Very flexible and easy-to-adjust settings, with global settings easily overridden on a service-by-service level.

My .02. YMMV, of course.

HTH,
-Ray

[1] http://www.rfxn.com/projects/advanced-policy-firewall/
Note: I've always installed from the rfxn.com site directly, but there appears to be an RPM available at rpmforge:
http://www.rpmfind.net/linux/RPM/dag/redhat/el5/i386/apf-9.7_1-1.el5.rf.noarch.html
[2] http://www.rfxn.com/projects/brute-force-detection/
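As an added example (mine, not code from this thread or from fail2ban itself), here is the "failures cause the triggering IP address to be banned" logic Matthew describes, written as a small fail2ban-style filter and jail run over constructed sshd log lines. The jail settings MAXRETRY, FINDTIME and BANTIME are assumed and mirror the fail2ban options of the same names; the log lines and addresses are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed jail settings, mirroring the fail2ban options of the same names.
MAXRETRY = 3      # failures inside FINDTIME that trigger a ban
FINDTIME = 600    # seconds: sliding window over which failures are counted
BANTIME = 3600    # seconds: how long a ban lasts

# Classic sshd "Failed password" line; the "ip" group is fail2ban's <HOST>.
FAIL_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)")

def parse_ts(ts, year=2010):
    """Syslog timestamps carry no year; the constructed sample is from 2010."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")

def scan(lines):
    """Return {ip: ban_time} for each IP that hit MAXRETRY failures within FINDTIME."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and other noise are ignored
        ip, now = m.group("ip"), parse_ts(m.group("ts"))
        if ip in banned and (now - banned[ip]).total_seconds() < BANTIME:
            continue              # already banned; the firewall action drops it
        q = recent[ip]
        q.append(now)
        while q and (now - q[0]).total_seconds() > FINDTIME:
            q.popleft()           # expire failures older than the window
        if len(q) >= MAXRETRY:
            banned[ip] = now      # this is where the ban action would fire
            q.clear()
    return banned

# Constructed sample log: 203.0.113.5 fails three times within two minutes and
# is banned; 198.51.100.7 also fails three times, but never three inside FINDTIME.
SAMPLE_LOG = """\
Sep  8 09:40:00 host sshd[1001]: Failed password for root from 198.51.100.7 port 6000 ssh2
Sep  8 09:50:01 host sshd[1002]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep  8 09:50:30 host sshd[1003]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Sep  8 09:51:00 host sshd[1004]: Accepted publickey for ray from 192.0.2.9 port 40000 ssh2
Sep  8 09:52:00 host sshd[1005]: Failed password for root from 203.0.113.5 port 51236 ssh2
Sep  8 09:52:00 host sshd[1006]: Failed password for root from 198.51.100.7 port 6001 ssh2
Sep  8 10:01:00 host sshd[1007]: Failed password for root from 198.51.100.7 port 6002 ssh2
""".splitlines()
```

The slow attacker at 198.51.100.7 is the case worth noticing: the window, not the raw failure count, decides the ban, which is why FINDTIME and MAXRETRY have to be tuned together.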