It would be very nice to have a feature in the system for blocking bad / atackers IP adress automaticly.
Something like Fail2ban. A script that check the log's and if there are messages like "unauthorized" or that kind that it blocks the IP automaticaly.
In our case the specified IP will be added to firewal's blocked IP list.
and there should be a setting where you can set things like :
how many error trials before adding the IP to the blocked IP list.
this one is nice, will block all attackers automaticly.
and if somebody is landed in the blocked list while testing or setting then we can always remove them manually from the block list.
check Fail2ban or same type solutions for more info.
thanks in advance.