Can we limit login failures from an IP address
I searched but couldn't find anything like this.
We get regular "dictionary attacks" on our ssh ports. People or programs trying various username/password combination trying to log in. Sometimes close to a 1000. The next day reviewing the logs we block the addresses or range around the addresses if it looks like a dynamic ip using IPTables.
Is there anyway to enforce a rule that says any particular source ip can only have so many login failures before it is shut down?