Below are the iptables rules that I use to block connections from the same address in a 30 second period. I get a couple of hits a day to this but not the thousands of attempts like before. You can set the timeout to whatever you want. The only drawback to this method is if you accidentally fail to log in then you can't for 30 seconds. I also restrict root login, use Allow Users and I disabled all password authentication. I did leave it on port 22 though.

# this rule logs
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --update --seconds 30 -m tcp -p tcp --dport 22 -j LOG --log-level WARNING --log-prefix "ssh-limit "

# this rule drops the packet if connection is already in list
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --update --seconds 30 -m tcp -p tcp --dport 22 -j DROP

# this rule sets the list
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --set -m tcp -p tcp --dport 22 -j ACCEPT

--
Knute Johnson

Molon Labe...
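
Added example, not part of the original post: a small Python model of how the three rules above treat successive new connections from one address, assuming `--update` refreshes the stored timestamp each time it matches (the documented behaviour of the `recent` match). The class, function and sample addresses are constructed for illustration, and the model ignores the size limit of the real list.

```python
# Model (added example) of the three ssh-limit rules; not the kernel's code.
WINDOW = 30  # seconds, as in "--seconds 30"


class RecentList:
    """Per-source 'last seen' table, like the recent list named ssh-limit."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.last_seen = {}

    def new_connection(self, src, now):
        """Verdict for one NEW TCP packet to port 22 from src at time now."""
        last = self.last_seen.get(src)
        if last is not None and now - last <= self.window:
            # LOG and DROP rules: --update matches and refreshes the
            # timestamp, so the 30 second window restarts at this attempt.
            self.last_seen[src] = now
            return "DROP"
        # Third rule: --set records (or re-records) the address and accepts.
        self.last_seen[src] = now
        return "ACCEPT"


def replay(events, window=WINDOW):
    """Replay (time, src) pairs in order and return the list of verdicts."""
    table = RecentList(window)
    return [table.new_connection(src, t) for t, src in events]


# Constructed sample traffic (documentation addresses, times in seconds).
PERSISTENT = [(t, "203.0.113.7") for t in range(0, 100, 10)]  # retry every 10 s
PATIENT = [(0, "198.51.100.4"), (5, "198.51.100.4"), (36, "198.51.100.4")]

if __name__ == "__main__":
    for name, events in (("persistent", PERSISTENT), ("patient", PATIENT)):
        print(name, replay(events))
```

In this model a source that retries every 10 seconds is accepted once and then dropped on every later attempt, while a source that stays quiet for more than 30 seconds after its last attempt is accepted again.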