Comment contrack module ipt_recent (Score 1) 497
works quite well for me
http://www.snowman.net/projects/ipt_recent/
its been around for years, and has kept my ssh service nice and available for almost as long.
basically, keeps a contrack record for tcp new attempts on the configured port(s), with threshholds for how many attempts before being temporarily blacklisted, then a timeout for how long before they can go again.
fail2ban and denyhosts fee way to high up in the stack for my liking