denyhosts
2008.06.05
denyhosts with its distributed/auto updating stuff is pretty neat. i would put any known-good hosts in hosts.allow just in case, but looking through the configs, it’d be fairly difficult to lock yourself out.
plus, there’s a debian package.