This is how I block:
# class A xxx.0.0.0/8 255.0.0.0
# class B xxx.xxx.0.0/16 255.255.0.0
# class C xxx.xxx.xxx.0/24 255.255.255.0
# 128 subnet xxx.xxx.xxx.xxx/25 255.255.255.128
# 64 subnet xxx.xxx.xxx.xxx/26 255.255.255.192
# 32 subnet xxx.xxx.xxx.xxx/27 255.255.255.224
# 16 subnet xxx.xxx.xxx.xxx/28 255.255.255.240
# 8 subnet xxx.xxx.xxx.xxx/29 255.255.255.248
# 4 subnet xxx.xxx.xxx.xxx/30 255.255.255.252
# 2 subnet xxx.xxx.xxx.xxx/31 255.255.255.254
# single address xxx.xxx.xxx.xxx/32 255.255.255.255
# Drop everyting from the following ip's
echo "Process the bad people ..."
$IPT -A INPUT -p ALL -s 210.159.198.0/24 -j DROP
etc...
For logging, I set this up in syslog.conf:
# log iptables
kern.warning /var/log/iptables.log
Havn't tried this yet, but was about to install: IPTables log analyzer
http://www.gege.org/iptables/dig -x 210.159.198.1
gives you the domain, then a simple whois gives you the ISP...
Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
