There are countless 'Howto prevent SSH Brute force attacks with iptables' guides scattered around the Net. What, in my opinion, is missing from those howtos is a 'holistic' approach to the problem. Adding a 'recent' rule to iptables is only part of the solution.
IPTables rule set
Let's take for example the ubiquitous:
# iptables -N IN_SSH
# iptables -A IN_SSH -m recent --name sshbf --rcheck \
    --hitcount 3 --seconds 10 -j DROP
# iptables -A IN_SSH -m recent --name sshbf --set -j ACCEPT
# iptables -A INPUT -p tcp --dport ssh -m conntrack \
--ctstate NEW -j IN_SSH
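
To see what this chain actually enforces, the two IN_SSH rules can be replayed offline. The Python model below is an added example, not part of the original howto: it is a simplified stand-in for the 'recent' match (class and function names are hypothetical, and the source addresses are constructed documentation addresses).

```python
from collections import defaultdict

HITCOUNT = 3   # --hitcount 3
SECONDS = 10   # --seconds 10


class RecentList:
    """Simplified model of one 'recent' list (here: sshbf), keyed by source IP."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def rcheck(self, src, now):
        # --rcheck --seconds S --hitcount N: match when the source has at
        # least N recorded hits within the last S seconds. Records nothing.
        recent = [t for t in self.stamps[src] if now - t <= SECONDS]
        return len(recent) >= HITCOUNT

    def set(self, src, now):
        # --set: record a hit for the source (this rule always matches).
        self.stamps[src].append(now)


def in_ssh(table, src, now):
    """Walk the IN_SSH chain for one NEW connection to the ssh port."""
    if table.rcheck(src, now):   # rule 1: -j DROP
        return "DROP"
    table.set(src, now)          # rule 2: -j ACCEPT
    return "ACCEPT"


def replay(events):
    """events: iterable of (time_in_seconds, source_ip); returns the verdicts."""
    table = RecentList()
    return [in_ssh(table, src, t) for t, src in events]


# Constructed sample: one source opening a new connection every second,
# plus a second source that connects once.
SAMPLE = sorted([(t, "198.51.100.7") for t in range(15)] + [(5, "203.0.113.9")])

if __name__ == "__main__":
    for (t, src), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>2}s {src:<14} {verdict}")
```

Because the DROP rule uses --rcheck, dropped attempts are never recorded, so a persistent source is let through again as soon as its three recorded hits age out of the 10-second window.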