After my post on blocking bad bots, I remembered Snort. While Snort doesn't do any blocking, it does detection like the best of them. I got it up and running on Debian in under 15 minutes following the instructions that come with Debian, and this page:
Using the 'snort' Intrusion Detection System
Here's what I'm thinking for a multi-layered approach to network security:
This mostly focuses on web, email, and SSH, which happen to be highly popular network services. Beyond that, I'll have to check out what is available for LDAP, VoIP, Jabber, and more.