Well, it’s a simple deal, but iptables can count the number of connections in a time period and block based on it. For example:
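
    # Send every new SSH connection through a dedicated chain
    iptables -N SSH_CHECK
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
    # Record the source address in the "SSH" list
    iptables -A SSH_CHECK -m recent --set --name SSH
    # Drop when the address has reached the hit count inside the window
    iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

So no more than 4 connections from the same IP in 60 seconds or you get blocked.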
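
To check which connection actually trips the rule and how long a block lasts, here is a small Python model of the two `recent` rules above (an added example, not part of the original post). The function name, the sample addresses and the timestamps are constructed. It models only `--set` and `--update` with `--seconds`/`--hitcount`, and shows that the packet being tested is itself counted and that every dropped attempt refreshes the entry.

```python
from collections import defaultdict

def simulate(events, seconds=60, hitcount=4):
    """Model the two SSH_CHECK rules for NEW packets to port 22.

    events: (time_in_seconds, source_ip) tuples in time order.
    Returns one verdict per event: "DROP", or "RETURN" when the packet
    falls off the end of SSH_CHECK and goes back to INPUT.
    """
    # The "SSH" list: source ip -> timestamps seen. The kernel keeps only a
    # bounded number of timestamps per address; that bound is not modelled.
    stamps = defaultdict(list)
    verdicts = []
    for now, src in events:
        # Rule 1: -m recent --set --name SSH (always matches, records packet)
        stamps[src].append(now)
        # Rule 2: -m recent --update --seconds 60 --hitcount 4 -j DROP
        # Count recorded packets inside the window, including this one.
        hits = sum(1 for t in stamps[src] if t >= now - seconds)
        if hits >= hitcount:
            stamps[src].append(now)  # --update refreshes the entry on a match
            verdicts.append("DROP")
        else:
            verdicts.append("RETURN")
    return verdicts

# Constructed sample traffic (documentation addresses, times in seconds).
BURST = [(t, "192.0.2.10") for t in (0, 10, 20, 30, 50, 75, 200)]
SLOW = [(t, "192.0.2.20") for t in (0, 25, 50, 75, 100)]

if __name__ == "__main__":
    for name, events in (("burst", BURST), ("slow", SLOW)):
        for (t, src), verdict in zip(events, simulate(events)):
            print(f"{name:5} t={t:3}s {src} -> {verdict}")
```

In the burst case the attempts at 50 s and 75 s are dropped as well, because each one adds fresh timestamps; the address gets through again only after it stays quiet for more than 60 seconds.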