Is there a way to "detect" when a certain attacker is trying an attack and block this ip? For example, today I was watching my logs (seem to be doing more and more... and saw someone trying to brute force into ssh. I subsequently grabbed their ip and blocked that with the firewall, however I would like a way to automate this so that anyone who is hitting the server multiple times for any reason such as ftp login, e-mail, etc. and is unsuccessful will be blocked in the future. How can I do this?