netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series. Software commonly associated with netfilter.org is iptables.
The following is an example iptables firewall that allows incoming ssh connections from an individual IP address (192.168.1.100), allows all outbound traffic, and uses stateful inspection.
ate-limit all incoming SSH connections to 8 in a one minute window. Normal users will have no trouble logging in, but the brute force attacks will be dropped, limiting the number of possible account combinations from unlimited, to 8.