-
IP Banning
Yesterday I started working with iptables to secure one of my servers.
While I am still tweaking that, there is something else I need to look
at. I have people logging into this server from all over the world and
therefore it is not easy for me to lock down the SSH port. My initial
thought is to leave it wide open, but that leaves the server rather
vulnerable. My second thought was to create a policy for each of the
users and their current IP/IP block. This seems rather tedious as many
users' IP addresses change regularly. So my question is this...
Is there an easy way to simply list accepted or not-accepted IPs in a
file and have the firewall do lookups through that?
Thanks,
Jason
-
Re: IP Banning
"Jason Williard" <jasondubya@gmail.com> wrote in message
news:1133546673.910672.238500@g47g2000cwa.googlegroups.com
> Is there an easy way to simply list accepted or not-accepted IPs in a
> file and have the firewall do lookups through that?
If your sshd is compiled with tcpwrappers support, then that's what
/etc/hosts.allow and /etc/hosts.deny are for.
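
What the two files from the reply above could look like for an SSH allow list, as an added example that is not part of the original reply. It assumes sshd is linked against libwrap; the addresses are constructed documentation ranges, not values from the thread.

```conf
# ---- /etc/hosts.allow ----
# Consulted first. Format: daemon_list : client_list
# A matching line here grants access and hosts.deny is not consulted.

# network/netmask form
sshd : 192.0.2.0/255.255.255.0

# prefix form: any address beginning with 198.51.100.
sshd : 198.51.100.

# a single host
sshd : 203.0.113.25

# ---- /etc/hosts.deny ----
# Consulted only when no line in hosts.allow matched.
# Without this line, unmatched clients are still allowed in.
sshd : ALL
```

Changes to either file take effect on the next connection, with no daemon restart. Running `ldd` on the sshd binary and looking for libwrap shows whether the files are honoured at all.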
-
Re: IP Banning
Don't I feel stupid. Thanks for pointing out what I should have
already thought of :)
Thanks,
Jason