Forum Discussion
zak_thompson_86
Nimbostratus
May 11, 2007
Brute Force Blocking script
Hi guys, new to the forum. We just picked up a 6800 since our old D25 couldn't handle capacity. Anywho, we needed a better way to block brute force attacks.
So in CodeShare I found the DNS Flood prevention script... well, we turned it into a brute-force attack/reject script.
    when RULE_INIT {
        # Maximum 401 responses allowed per client IP before it is blacklisted
        set ::maxquery 50
        # Hold time in seconds (set here, not referenced by the events below)
        set ::holdtime 600
        # Seconds a blacklisted IP stays blocked
        set ::bantime 3600
        array set ::usertable { }
        array set ::blacklist { }
    }
    when HTTP_RESPONSE {
        # Count failed logins (401 responses) per client IP
        if { [HTTP::status] equals "401" } {
            set currtime [clock seconds]
            set srcip [IP::client_addr]
            if { [info exists ::blacklist($srcip)] } {
                # Already blacklisted: nothing to count
            } else {
                if { [info exists ::usertable(freq,$srcip)] } {
                    incr ::usertable(freq,$srcip)
                    log local0. "$srcip^$::usertable(firsthit,$srcip)^$::usertable(freq,$srcip)"
                } else {
                    # First 401 from this IP: create its counters
                    set ::usertable(freq,$srcip) 1
                    set ::usertable(time,$srcip) $currtime
                    set ::usertable(firsthit,$srcip) $currtime
                }
            }
        } else { return }
    }
    when HTTP_REQUEST {
        set srcip [IP::client_addr]
        set currtime [clock seconds]
        # Drop requests from blacklisted IPs until bantime has elapsed
        if { [info exists ::blacklist($srcip)] } {
            if { $::bantime > [expr {$currtime - $::blacklist($srcip)}] } {
                drop
                log local0. "drop $srcip"
                return
            } else {
                unset ::blacklist($srcip)
                log local0. "remove $srcip from blacklist"
            }
        }
        # Blacklist the IP once its 401 count exceeds maxquery
        if { [info exists ::usertable(freq,$srcip)] } {
            if { $::usertable(freq,$srcip) > $::maxquery } {
                log local0. "new blacklist member <$srcip> with $::usertable(freq,$srcip) times"
                set ::blacklist($srcip) $currtime
                unset ::usertable(freq,$srcip)
                unset ::usertable(time,$srcip)
                unset ::usertable(firsthit,$srcip)
                drop
                return
            }
        }
    }
Anything you guys could see as improvements/leaks etc? Cheers!
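A model of the counting logic in the rule above, as an added example that is not part of the original post, written in Python rather than iRule Tcl so it can be run offline. It compares the posted behaviour, where `::holdtime` is set but never read so 401s accumulate with no time limit, against a variant that restarts the count once `holdtime` seconds have passed since the first hit. The `windowed` flag, the class and function names, and the sample addresses are assumptions made for this illustration.

```python
# Python model of the posted iRule's counters (added example, not the poster's code).
MAXQUERY, HOLDTIME, BANTIME = 50, 600, 3600   # values from RULE_INIT in the post

class FailureTracker:
    """Per-IP 401 counter and blacklist, mirroring ::usertable and ::blacklist."""
    def __init__(self, windowed):
        self.windowed = windowed   # False: as posted; True: honour HOLDTIME (assumed fix)
        self.usertable = {}        # ip -> [firsthit, freq]
        self.blacklist = {}        # ip -> time the ban started

    def on_request(self, ip, now):
        """HTTP_REQUEST: return True when the request would be dropped."""
        banned_at = self.blacklist.get(ip)
        if banned_at is not None:
            if now - banned_at < BANTIME:
                return True
            del self.blacklist[ip]             # ban expired
        entry = self.usertable.get(ip)
        if entry is not None and entry[1] > MAXQUERY:
            self.blacklist[ip] = now           # new blacklist member
            del self.usertable[ip]
            return True
        return False

    def on_401(self, ip, now):
        """HTTP_RESPONSE with status 401: count one failed login."""
        if ip in self.blacklist:
            return
        entry = self.usertable.get(ip)
        if entry is None or (self.windowed and now - entry[0] > HOLDTIME):
            self.usertable[ip] = [now, 1]      # start, or restart, the counting window
        else:
            entry[1] += 1

def replay(tracker, ip, interval, attempts):
    """Replay failed logins `interval` seconds apart; return the number dropped."""
    dropped = 0
    for i in range(attempts):
        if tracker.on_request(ip, i * interval):
            dropped += 1
        else:
            tracker.on_401(ip, i * interval)
    return dropped

if __name__ == "__main__":
    for windowed in (False, True):   # constructed traffic: 1 s apart vs one day apart
        fast = replay(FailureTracker(windowed), "203.0.113.10", 1, 60)
        slow = replay(FailureTracker(windowed), "198.51.100.7", 86400, 60)
        print(f"windowed={windowed}: fast dropped {fast}, slow dropped {slow}")
```

Neither variant removes `usertable` entries for addresses that never come back, so the table still grows with the number of distinct clients that receive a 401.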
- zak_thompson_86
Nimbostratus
Working like a charm! Though we disabled it while we debug/test some performance profiles for throughput, it was blocking a couple hundred IPs a day, and these guys were on a 300 threshold in 5 minutes.
- Colin_Walker_12
Historic F5 Account
Great to hear! Nice work!
- Fubar_30924
Nimbostratus
Hi everybody,
- samstep
Cirrocumulus
You need to collect the data in