This is a home grown Intrusion Prevention System I’ve called Brutus. Based on Linux Portsentry, a given server listens on standard ports (say, 80 & 443) but Portsentry listens on all other ports. When these ports are touched (always the result of a portscan) Portsentry executes Brutus scripts which instruct the firewall to null-route the offending IP. Brutus was designed for PFSense but it works with Zywall and any other firewall that supports SSH, SSH keys and setting null-route via remote command.
Part of the Brutus Project, this article goes over Brutus client servers, so that you can run one main Brutus server and all the other servers in your network send it commands remotely.
Part of the Brutus Project, this article goes over the main Linux server running Portsentry and Brutus.
Part of the Brutus Project, this article goes over firewall placement and configuration highlights.
Brutus is the name of a series of scripts that allows Portsentry to work with your firewall, helping to prevent would-be attackers from penetrating your network.