On Mon, 2012-08-13 at 13:30 -0400, m.roth at 5-cent.us wrote:

> Sorry, can't do that with servers whose websites are open to the world,
> and when folks here have collaborators around the world.

Well, if those people have to log in using SSH from all across the world, whitelisting would not be feasible. But I wouldn't expect you to let those collaborators log in to your log host from anywhere? So whitelisting and blocking anyone else (on single or repeated connect or disconnect) should be an option there. Although in this scenario you could just as well block port 22 for everyone but the whitelisted hosts using iptables, unless you need the ban messages for statistical purposes.

Also, in the default configuration for the ssh-iptables jail the bans resulting from failed SSH logins will only block access to port 22. So even if someone would trigger a ban by attempting too many logins within the set findtime they would still be able to access other services.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
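Added example, not part of the message above or of the fail2ban distribution: a jail.local sketch of the two points made in the reply, whitelisting known hosts and the port-scoped ban of the ssh-iptables jail, with the host-wide action shown commented out for comparison. The addresses (documentation ranges), the time values and the Red Hat-style log path are assumptions.

```ini
# /etc/fail2ban/jail.local
# Constructed example: addresses, times and log path are assumptions.

[DEFAULT]
# Whitelisted sources are never banned, however many logins fail.
# 192.0.2.10 and 198.51.100.0/24 are documentation placeholders.
ignoreip = 127.0.0.1 192.0.2.10 198.51.100.0/24
# Window in which failures are counted, and ban duration, in seconds.
findtime = 600
bantime  = 3600

[ssh-iptables]
enabled  = true
filter   = sshd
# Port-scoped ban: a banned address loses tcp/22 only and can still
# reach the web site and any other open service.
action   = iptables[name=SSH, port=ssh, protocol=tcp]
# Host-wide alternative: ban the address on every port instead.
# action = iptables-allports[name=SSH, protocol=all]
logpath  = /var/log/secure
maxretry = 5
```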