This will disable SSH login as root
sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config && \ /etc/init.d/sshd restart
Check Configuring iptables on CentOS post.
Why should you do that while APF or CSF can do it automatically?
Because APF/CSF could block an important bot testing your server to add to search index. So reviewing every ip would be a daily task!
Ok, so how?
using RHEL4, centos4