1 - Active response enabled.
3 - By default, we can enable the host-deny and the
4 firewall-drop responses. The first one will add
5 a host to the /etc/hosts.deny and the second one
6 will block the host on iptables (if linux) or on
7 ipfilter (if Solaris, FreeBSD or NetBSD).
8 - They can be used to stop SSHD brute force scans,
9 portscans and some other forms of attacks. You can
10 also add them to block on snort events, for example.