Didn't see any hits here on fail2ban - anyone else using it to dynamically block nefarious IPs? So far, it seems pretty slick. I recently installed it on a new dedicated Debian box, and it's nailing 10-15 bad guys a day. It scans system logs looking for failed logins, and dynamically adds an IPTABLES rule to drop connections from the offending IP once a configured threshold is met. Configuration is pretty easy - I took most of the defaults, but did add two static IPs to the exclusion list for hosts sites I connect from. Wouldn't want to get locked out of my own server... SSH log scans are the only service enabled by default, but it's pretty easy to activate it for ftp, apache and postfix as well.
I've never used it but it sounds like a good tool. Are you able to configure the rules it adds to IPTables? I was wondering if you could block just port 22 and leave port 80 available to them, just in case it's one of your regular users with some malware on his system that's attempting the logins. Also, is it capable of adding rules to another firewall, such as ipfw or ipf?
You can block whatever you wish, by tweaking the config file - it's pretty flexible. At least on Debian, the config file is pretty well documented, showing your options. I've no experience with it, but the docs indicate ipfw is supported.
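
The mechanism described in the opening post (scan the log for failed logins, skip excluded addresses, ban once a threshold is reached within a time window), as an added example that is not fail2ban's own code and not from any poster in this thread. The log lines, the threshold and window values, the names `find_offenders` and `drop_rule`, and the single-port DROP rule (the port-22-only case asked about above) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 4111 ssh2
Mar  3 10:00:05 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 4112 ssh2
Mar  3 10:00:09 host sshd[103]: Failed password for root from 203.0.113.10 port 5000 ssh2
Mar  3 10:00:12 host sshd[104]: Failed password for root from 203.0.113.10 port 5001 ssh2
Mar  3 10:00:15 host sshd[105]: Failed password for root from 203.0.113.10 port 5002 ssh2
Mar  3 10:00:20 host sshd[106]: Failed password for root from 198.51.100.7 port 4113 ssh2
Mar  3 10:30:00 host sshd[107]: Failed password for root from 192.0.2.44 port 6000 ssh2
Mar  3 10:45:00 host sshd[108]: Failed password for root from 192.0.2.44 port 6001 ssh2
Mar  3 11:00:00 host sshd[109]: Failed password for root from 192.0.2.44 port 6002 ssh2
Mar  3 11:00:30 host sshd[110]: Accepted password for alice from 192.0.2.44 port 6003 ssh2
"""
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_offenders(log_text, max_retry=3, find_time=600,
                   ignore=("203.0.113.10/32",), year=2024):
    """Return IPs with >= max_retry failures inside find_time seconds, in ban order."""
    ignored = [ipaddress.ip_network(n) for n in ignore]   # the exclusion list
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)                           # ip -> recent failure times
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed (hypothetical default).
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored) or str(ip) in banned:
            continue
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:                    # forget failures outside the window
            hits.popleft()
        if len(hits) >= max_retry:
            banned.append(str(ip))
    return banned

def drop_rule(ip, port=22):
    """iptables command that drops one source on one TCP port only (assumed rule shape)."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
```

With the defaults above, the excluded address is never banned despite three failures, and the address whose failures are spread over half an hour stays under the threshold.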