Brutus IPS

This is a homegrown Intrusion Prevention System I've called Brutus. It is based on Linux Portsentry: a given server listens on its standard ports (say, 80 & 443), while Portsentry listens on all other ports. When one of those other ports is touched (always the result of a portscan), Portsentry executes Brutus scripts, which instruct the firewall to null-route the offending IP. Brutus was designed for pfSense, but it works with ZyWALL and any other firewall that supports SSH, SSH keys and setting a null route via remote command.
Brutus – Brutus Client

Part of the Brutus Project, this article goes over Brutus client servers, so that you can run one main Brutus server and have all the other servers in your network send it commands remotely.