Can anyone help me codger up a way to add a firewall rule that blocks an IP address after say 25 failed logins, and then removes it after 24 hours?
Its already been done for you 
http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH)
You should be able to modify those to suit your needs.
Thanks, I didn’t see that!