I agree with len on that one. In addition to your perimeter firewall, you should run something on the box itself. I run ipf; it also gives the advantage of using the autodropper scripts, so that you can have the box just not communicate at all with repeat offenders.
Don
