Automatically, temporarily block penetration attempts

It would be great to be able to set up a rule that would allow us to temporarily block ip addresses from which penetration attempts are obviously occurring (such as SQL injection in the url). I imagine being able to define this rule, and the amount of time that the ip address would be blocked