BlockHosts is a script to record how many times a local system is attacked, based on configurable scanning of system logs for sshd or other services. When a particular IP address exceeds a configured number of failed login attempts, that IP address is blocked using hosts.allow files, or by using null-routing, or by using packet filtering. An email notification facility is also available.
Release Notes: Now with IPv6 support. This is preliminary, and requires underlying tools to support IPv6.
Release Notes: This release fixed a failure to read time values on certain systems that occurred because Python strptime could not read times written by strftime on the same system. The solution was to remove the use of strptime from blockhosts.py.
Release Notes: The RPM package had an incorrect dependency on Python 2.6, which is now removed.
Release Notes: Detection of duplicate log messages was fixed, since it used to mask multiple login failures for sshd.
Release Notes: iptables is now updated by inserting blockhosts blocking rules at the beginning of the chain instead of at the end. This will allow servers with default policy of both DROP or ACCEPT to make use of blockhosts. Both INPUT and FORWARD chains will now block traffic from rogue IP hosts.