Inspired by: http://web.archive.org/web/20130510023127/http://blog.bigdinosaur.org/securing-ssh-with-iptables/
When the iptables-persistent package is installed, it asks whether to make your existing iptables configuration persistent; choose 'yes' at both prompts.
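# Port sshd listens on; change this if sshd is configured for a different port.
# This snippet is meant to be pasted into an interactive shell (the rollback
# below relies on ssh_port still being set), so it is not wrapped in a script.
ssh_port=22
# 1. Every NEW connection to the SSH port adds/refreshes the client's source
#    address in the "recent" list named DEFAULT (--rsource keys on source).
sudo iptables -A INPUT -p tcp -m tcp --dport "$ssh_port" \
  -m state --state NEW \
  -m recent --set --name DEFAULT --rsource &&
# 2. Dedicated chain so offending connections are logged before being dropped.
sudo iptables -N LOG_AND_DROP &&
# 3. A source that has opened 4 or more NEW connections within 60 seconds is
#    diverted to LOG_AND_DROP. -A appends in order, so this rule is evaluated
#    before the ACCEPT rule in step 4 -- do not reorder these two commands.
sudo iptables -A INPUT -p tcp \
  -m tcp --dport "$ssh_port" -m state --state NEW \
  -m recent --update --seconds 60 --hitcount 4 \
  --name DEFAULT --rsource -j LOG_AND_DROP &&
# 4. Connections below the threshold are accepted.
sudo iptables -A INPUT -p tcp -m tcp --dport "$ssh_port" -j ACCEPT &&
# 5. Log (kernel log level 7 = debug) with a greppable prefix, then drop.
sudo iptables -A LOG_AND_DROP -j LOG --log-prefix "iptables ssh connection deny: " --log-level 7 &&
sudo iptables -A LOG_AND_DROP -j DROP &&
# 6. Persist the now-active ruleset across reboots; answer 'yes' to the save
#    prompts shown during installation.
# NOTE(review): these rules cover IPv4 only; if sshd is also reachable over
# IPv6, equivalent ip6tables rules are needed (not part of this snippet).
sudo apt-get install iptables-persistent -y &&
echo 'Installed'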
For rollback:
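# ssh_port must match the value used when the rules were installed; without it
# the -D commands below would fail with an iptables parse error instead of a
# clear message, so assert it up front.
: "${ssh_port:?set ssh_port to the port used when the rules were installed}" &&
# Remove the persistence package first so the current ruleset is no longer
# restored at boot.
sudo apt-get remove --purge iptables-persistent -y &&
# Undo the rules in reverse order of installation. --delete-chain requires
# LOG_AND_DROP to be empty and unreferenced, so its two rules and the INPUT
# jump to it are deleted before the chain itself.
sudo iptables -D LOG_AND_DROP -j DROP &&
sudo iptables -D LOG_AND_DROP -j LOG --log-prefix "iptables ssh connection deny: " --log-level 7 &&
sudo iptables -D INPUT -p tcp -m tcp --dport "$ssh_port" -j ACCEPT &&
sudo iptables -D INPUT -p tcp \
  -m tcp --dport "$ssh_port" -m state --state NEW \
  -m recent --update --seconds 60 --hitcount 4 \
  --name DEFAULT --rsource -j LOG_AND_DROP &&
sudo iptables --delete-chain LOG_AND_DROP &&
sudo iptables -D INPUT -p tcp -m tcp --dport "$ssh_port" \
  -m state --state NEW \
  -m recent --set --name DEFAULT --rsource &&
unset ssh_port &&
echo 'Removed'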