Security by blocking bad things is a very bad idea, a completely false sense of security.
Couple these together instead:
default-deny (got that much correct);
incoming, open stateful continuations of established connections;
incoming, open ports for services you run (e.g. web and DNS servers, etc.), with rate-limiting per source.
iptables will allow this, no problem.
There is no point in "automatic" firewalls that detect bad things and block sources; all they do is clutter up your firewall rules for the sake of an event that (1) comes under default-deny and (2) is already history - people doing bad things are mostly operating fire-and-forget.
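As an added example (not from the poster), here is a small POSIX sh script that generates an iptables-restore ruleset implementing exactly those three points: default-deny on INPUT, stateful continuation of established connections, and per-source rate-limited acceptance of new connections to the services you run. The port list (80, 443 and 53), the per-source rate and burst, and the `--apply` / `--print` switches are assumptions for illustration, not anything stated above; the `hashlimit` match with `--hashlimit-mode srcip` is what does the per-source limiting, and anything a source sends above its allowance simply falls through to the DROP policy rather than being tracked in an ever-growing blocklist.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) a default-deny iptables ruleset.
# Not the original poster's code. Ports, rates and flags below are assumptions;
# edit them to match the services you actually run.

TCP_PORTS="80 443 53"    # assumed: web over TCP, DNS over TCP
UDP_PORTS="53"           # assumed: DNS over UDP
NEW_RATE="20/second"     # assumed: new connections allowed per source IP
NEW_BURST="40"           # assumed: short burst allowed before the rate applies

# Emit the ruleset in iptables-restore format on stdout.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic is not "incoming from the network"
-A INPUT -i lo -j ACCEPT
# packets conntrack cannot classify (bogus flags, out-of-window) are dropped
-A INPUT -m conntrack --ctstate INVALID -j DROP
# stateful continuation of connections we accepted or initiated ourselves
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # One rule per service port: accept NEW connections only while the
    # per-source rate (keyed on srcip) stays within the limit; anything
    # above it is not matched and falls through to the INPUT DROP policy.
    for p in $TCP_PORTS; do
        printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW ' "$p"
        printf -- '-m hashlimit --hashlimit-name new_tcp%s --hashlimit-mode srcip ' "$p"
        printf -- '--hashlimit-upto %s --hashlimit-burst %s -j ACCEPT\n' "$NEW_RATE" "$NEW_BURST"
    done
    for p in $UDP_PORTS; do
        printf -- '-A INPUT -p udp --dport %s -m conntrack --ctstate NEW ' "$p"
        printf -- '-m hashlimit --hashlimit-name new_udp%s --hashlimit-mode srcip ' "$p"
        printf -- '--hashlimit-upto %s --hashlimit-burst %s -j ACCEPT\n' "$NEW_RATE" "$NEW_BURST"
    done
    echo COMMIT
}

# Load the generated ruleset atomically (requires root and iptables-restore).
apply_rules() {
    gen_rules | iptables-restore
}

case "${1:-}" in
    --apply) apply_rules ;;
    --print) gen_rules ;;
esac
```

Run `sh fw.sh --print` to inspect the ruleset and `sh fw.sh --apply` as root to load it; use `iptables-restore --test` on the printed output first if you want a syntax check without touching the running tables. This covers IPv4 only; an IPv6 host needs the equivalent loaded through ip6tables-restore.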