Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
tcp_wrappers hosts.allow or something else
Method One: It all depends on using tcp_wrappers - you may not be able to do both allow and deny for a particular host, though. The key to note is that the tcp wrappers start looking at hosts.allow from the top, and as soon as a line matches the current IP address of the remote host, it will execute the rule in that line, and stop looking at further in the hosts.allow file.
So, if you just want to get counts of failed accesses, but still allow the hosts to continue to try to connect, just move the sshd line in hosts.allow to before the
line. Then, blockhosts will always get executed, and it will add deny rules for all blocked IPs, but all those deny rules will be in the BlockHosts Additions section which is later in the file so won't have any affect. It might also be good to drastically increase the value of the COUNT_THRESHOLD, otherwise your hosts.allow will contain a large number of :deny rules entered by blockhosts.
If you put a deny at the end of the sshd line with ALL as the pattern for IP, then it will block all non-allowed IP addresses immediately, so all will have a count of 1 (maybe 2 or 3, but very low numbers).
Method Two: if you just want counting, then don't hosts.allow. Use a cron job to run blockhosts, say every 30 minutes, Change appropriate parameters in blockhosts.cfg - HOSTS_BLOCKFILE should be the data file where you want counts kept (not hosts.allow), etc.