#/etc/rc.local
 
ipset create black_ips hash:ip
iptables -A INPUT -m set --match-set black_ips src -j DROP
grep "Failed password for" /var/log/auth.log | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort | uniq -c | awk '$1 > 5 { print $2}' | xargs -I{} ipset add black_ips {}