I've noticed my work computer has been attacked recently from a consistent IP. Is there a way to ban access for a specific IP in RH9.0? How about having a fixed number of access attempts before removing access? Say 5 attempts from an IP (not a user name, know how to do that).

MrH

iptables should do the trick:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j REJECT

And "snort" for detection, have to be careful with auto-setting up blocks as you can get false positives.

sweet :)

now to go and play...

Thanks!

MrH