Since SSH is installed on the server and most admins are using SSH securely, Admin Tools could use that, with the help of sudo, to somehow block the hacker!
This sentence doesn't make any sense whatsoever. SSH (Secure SHell) is a method to securely log in to a console. You are probably confusing SSH with SSL (as used in HTTPS). But even then your sentence still makes no sense whatsoever. The only use of SSL is encrypting the connection between the server and your browser so that nobody eavesdropping at any point in between can see the contents of your communications.
What I am trying to say is that I prefer an attacker to be stopped in the second place, by the firewall, rather than by PHP.
I agree. And I'm saying that you should not be using just a PHP-based Web Application Firewall. This is your THIRD AND LAST line of defense. The second line of defense should be a web-server-level firewall such as mod_security2 in Apache. The first line of defense is indeed iptables, but its goal is not to prevent access from a bunch of IP addresses, its goal is to prevent low-level attacks such as attacks against the TCP stack. Please note that ALL of the above (and more) are essential to running a secure server.
I mentioned this as a proposal, for future implementation!
No. I very strongly disagree. It will NOT be implemented, for a very good reason. Your web application MUST NOT, UNDER ANY CIRCUMSTANCES WHATSOEVER, be able to modify system-wide IP filtering. Simply put, a compromised site would lead to a compromised server. A compromised site can be easily fixed. A compromised server can easily mark the end of your business, depending on how deep the compromise goes and how much data was divulged in the process.
Let me give you the idea of how that would be possible. If you want Admin Tools to be able to modify iptables filtering then you need PHP to have access to the /sbin/iptables executable. This means that PHP (therefore: your web server) must run with root privileges. This is the system administration equivalent of banging a 50-gallon wooden barrel full of nitroglycerine with a sledgehammer: you don't do that unless you have a death wish. If the site is compromised (because no site is ever 100% secure) the attacker would gain access to your entire server, effectively locking you out while they are siphoning out all data (including connection details to any remote systems).
The only mitigation would be putting the entire server off-line, as in unplug it from the power source and network and have its disks mounted on a clean system for analysis and fixing by someone physically present at the data centre. This would cost you several thousand dollars. You'd also have to change every single username and password in every single third party service which was ever accessible to that server, such as Amazon S3, Mandrill and so on and so forth. The financial impact would be in the order of tens of thousands of dollars at a first glance. It could even spell the end of your company due to collateral damage such as the erosion of clients' trust in you, the side effects of being offline for days and so on and so forth.
The secure thing to do is to have isolated firewalls in at least three tiers: system, web server, web application. If you really want to, you can always write a shell script to grab the blocked IPs from Admin Tools' #__admintools_ipblocks table and put them in your server's iptables configuration. But this would be silly and dangerous: if I am an attacker who knows your IP address I can easily fool the server into thinking that my decoy attack comes from your IP address, therefore blocking you out of your own server while I'm launching my real attack which can compromise your site and leave you defenseless. Do you REALLY want to do that?
Another issue, by the way... Can I somehow install an older version of Admin Tools for Joomla? Like 1.x?
No. 1.x had security issues and has been withdrawn. The versions you can download are listed in https://www.akeebabackup.com/compatibility.html
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
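The privilege split described in the reply above (the application only records which addresses it wants blocked; a root-owned job outside the web server applies them), as an added example that is not part of the original post and is not Admin Tools code. Everything below is assumed for illustration: the paths `/var/lib/blocksync/blocked.txt` and `/etc/blocksync/allow.txt`, the ipset name `webapp_block`, and that the application exports its block list to a plain text file, one IPv4 address per line. It deliberately does not query `#__admintools_ipblocks` directly, since that table's column layout is not given on this page. The operator allowlist is the guard against the lockout scenario in the reply: an address on it is never fed to the firewall, whatever the application's table says.

```shell
#!/bin/sh
# Added example, not Admin Tools code: a root-owned cron job that copies the
# application's block list into an ipset. The web server only ever writes a
# plain text file; it never gains the ability to run iptables or ipset.
#
# Assumed layout (not from the original thread):
#   /var/lib/blocksync/blocked.txt  one IPv4 address per line, written by the app
#   /etc/blocksync/allow.txt        operator addresses that must never be blocked
#   ipset "webapp_block"            matched by a DROP rule installed once, by hand:
#       iptables -I INPUT -m set --match-set webapp_block src -j DROP
set -eu

BLOCK_EXPORT="${BLOCK_EXPORT:-/var/lib/blocksync/blocked.txt}"
ALLOW_FILE="${ALLOW_FILE:-/etc/blocksync/allow.txt}"
IPSET_NAME="${IPSET_NAME:-webapp_block}"

# Strict dotted-quad check: exactly four octets, digits only, each 0-255.
# Anything else (hostnames, CIDR, shell metacharacters) is rejected outright,
# so a row planted in the application's table cannot smuggle anything into
# the ipset command line.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Addresses that must never end up in the set: loopback and the operator
# allowlist. This is the guard against the lockout the reply warns about: a
# planted or spoofed "attack" from the admin's own address must not lock the
# admin out. Usage: is_protected IP ALLOW_FILE
is_protected() {
    case "$1" in
        127.*) return 0 ;;
    esac
    [ -r "$2" ] && grep -qxF -- "$1" "$2"
}

# Print the sanitised list: valid IPv4 only, protected addresses removed,
# duplicates collapsed. Usage: filter_blocklist BLOCK_FILE ALLOW_FILE
filter_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$ip" ] || continue
        is_ipv4 "$ip" || continue
        if is_protected "$ip" "$2"; then
            continue
        fi
        printf '%s\n' "$ip"
    done < "$1" | sort -u
}

# Replace the live set atomically: fill a scratch set, then swap it in, so
# there is no window with an empty set. Reads the filtered list on stdin.
# Needs root and the ipset tool. Usage: ... | apply_ipset SET_NAME
apply_ipset() {
    scratch="${1}_new"
    ipset create -exist "$1" hash:ip
    ipset create -exist "$scratch" hash:ip
    ipset flush "$scratch"
    while IFS= read -r ip; do
        ipset add -exist "$scratch" "$ip"
    done
    ipset swap "$scratch" "$1"
    ipset destroy "$scratch"
}

main() {
    if [ ! -r "$BLOCK_EXPORT" ]; then
        echo "blocksync: no export file at $BLOCK_EXPORT, nothing to do" >&2
        return 0
    fi
    if ! command -v ipset >/dev/null 2>&1; then
        echo "blocksync: ipset not installed, printing the list instead" >&2
        filter_blocklist "$BLOCK_EXPORT" "$ALLOW_FILE"
        return 0
    fi
    filter_blocklist "$BLOCK_EXPORT" "$ALLOW_FILE" | apply_ipset "$IPSET_NAME"
}

main "$@"
```

Run it from root's crontab (for example every minute); give the web server's user write access to the export file and nothing else. Note what this does and does not buy you: PHP never gets root and a compromised site cannot rewrite the firewall, but the decision to block still originates in the application, so the allowlist, not the script, is what keeps a decoy attack from pushing your own address into the set.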