I have written a script that will find failed ssh logins and block the offending ip address and set it up to write to my firewall which was generated by alien bobs script.

I just want to check the command i am adding to the end of the script is correct.

iptables -A INPUT -s IPADDRESS -j DROP

Thanks

This is my /etc/rc.d/rc.firewall i use this to block brute force ssh logins

The xxx.xxx.xxx.xxx is where you put a remote ip you want to always accept. you can keep adding ips if needed.
These tables will also drop localhost connection if the ip isnt set in xxx.xxx.xxxx.xxx

After 3 bad login attempts, there connection is dropped for 5 minutes.
Each time they try and login after the connection has been dropped keeps reseting the timer to 5 minutes.

This is a script i found and been using for awhile now.
I know i didnt realy answer your question but just showing you another way of going about what your after.

Thanks for that i have been teaching my self Perl which is why i wrote the script, but your code there confirms that the command i have should work and now my script is finished it can be deemed unnecessary as there is no point checking the log file if that is all that's needed.

EDIT: my reply was similar to that to Scuzz.

I have just noticed my modem flashing like mad and it turns out that adding the above to my firewall script doesn't work for some reason.

Can anyone let me know if there is anything different i can do to make it work with alien bobs firewall generator?

EDIT

Sorry posted to soon i placed the code in the ssh section and it worked.