How to block access to IPsec for some IP address or country


For some time I have seen "peer authentication failed" entries in IPsec logs. How can I block IP address that initiates these connections? - or maybe the whole country? The "block all incoming connections from xxx IP address" rule does not work in this case.

Second question: are you planning to introduce the so-called dynamic blacklist, to which would be automatically added IP addresses notoriously trying to set up an IPsec or SSL connection using incorrect credentials or keys? This would be highly desirable because of a recent passwords and keys leak.