How to enable network routing or packet level blocking?

Use the --ipblock="ip route" or --ipblock=iptables options to enable null routing or packet filtering blocking.

Example command to use in hosts.allow:

sshd, proftpd, vsftpd: ALL: spawn /usr/bin/blockhosts.py --ipblock="ip route" \
    --logfiles="/var/log/secure,/var/log/vsftpd.log" \
    --echo "%c-%s" --mail --check-ip "%h" & \
: allow

Use --ipblock="ip route" if the ip route command null routing is desired.
Use --ipblock=iptables if iptables packet level filtering is desired.

Root permission for the run of blockhosts.py script is needed, since only root can change routing tables or install iptables rules. This works properly with correct permissions, if using hosts.access/hosts.deny to run this script.

Full path for the "ip" and "iptables" can also be provided in the --ipblock option if these are not in PATH, for example: --ipblock="/sbin/ip route" or --ipblock=/sbin/iptables.