convert simple iptables rules

Hi,
I want to use SSH, and it is not a very good idea to enable it without some restrictions. I was googling for some fully functional rules, but I found only commands for iptables, although their function is exactly what I want. So please, is there anybody here who can help me with this? :smiley:

This is what I have in my iptables rules:

iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

What it does is:

   1. Create a new chain SSH_CHECK; all incoming SSH connections (TCP port 22) go into this chain to test the condition.
   2. The condition is: for any source IP address there cannot be more than 3 SSH connection attempts within a 60-second window.
   3. If the condition has been met, all packets from that source IP address will be dropped.
   4. That source IP can only connect again once the condition is cleared, i.e. there have been 60 seconds of quiet time.

http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention
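A RouterOS equivalent of the iptables rules above, written here as an added example (it is neither the thread's own code nor a verbatim copy of the linked wiki page). It uses the staged address-list approach that the wiki link describes, because RouterOS has no direct counterpart to the recent module's hitcount: each new SSH connection moves the source address one stage further, and an address that reaches the last stage is blacklisted. The list names (ssh_stage1, ssh_stage2, ssh_stage3, ssh_blacklist) and the timeouts are my choices, and the rules assume they are placed in the input chain above whatever rule accepts SSH.

```routeros
/ip firewall filter
# Addresses already on the blacklist are dropped. This rule must be the first
# of the set, otherwise a blacklisted host would keep being re-added to stages.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="drop SSH brute forcers"

# Fourth new connection within the window: the host is still in stage3,
# so it is added to the blacklist (10d is an assumed, deliberately long timeout).
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=10d comment="SSH stage3 -> blacklist"

# Third new connection within 60s: stage2 -> stage3
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m comment="SSH stage2 -> stage3"

# Second new connection within 60s: stage1 -> stage2
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m comment="SSH stage1 -> stage2"

# First new connection from any host: put it in stage1 for 60 seconds
# (this mirrors the iptables "--set" rule that stamps every new connection)
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m comment="SSH new -> stage1"
```

Two details matter when comparing this with the iptables version. First, `add-src-to-address-list` does not terminate rule processing, so a single new connection walks through every stage rule whose list it is already on; that is what lets the counter advance one stage per attempt. Second, the count is off by one relative to the recent-module rule: here the fourth attempt is the one that lands the host on the blacklist and the fifth is the first to be dropped, whereas the iptables rules drop the fourth. If you want the fourth attempt dropped, remove the stage3 rule and blacklist directly from stage2. Unlike the iptables rules, which clear themselves after 60 seconds of quiet, the blacklist entry here lives for the full address-list-timeout; `/ip firewall address-list print` shows which list a given source is currently on and how long it has left.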

Thanks a lot for the quick answer :smiley: