Sshdfilter

sshdfilter blocks the frequent brute-force attacks on ssh daemons. It does this by directly reading the sshd logging output (or syslog output) and generating iptables (or ipfw) rules. This process can be quick enough to block an attacker before they get a chance to enter any password at all.
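The log-to-firewall approach described above, as an added Python example that is not sshdfilter's own code. The chain name `SSHD`, the failure threshold, the block-on-unknown-user policy and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Patterns are anchored at the end of the line: the user name is text chosen by
# the remote client and may itself contain " from <ip>", so only the last one counts.
INVALID_USER = re.compile(r"Invalid user .* from (\S+)(?: port \d+)?$")
FAILED_PASSWORD = re.compile(r"Failed password for .* from (\S+) port \d+ ssh2$")
MAX_FAILURES = 3   # assumed threshold for existing accounts
CHAIN = "SSHD"     # hypothetical iptables chain name

def block_rule(ip):
    """Return the iptables command (argv list) that drops SSH traffic from ip."""
    return ["iptables", "-A", CHAIN, "-s", ip, "-p", "tcp", "--dport", "22", "-j", "DROP"]

def process(lines, allowlist=()):
    """Scan sshd log lines and return block rules, one per offending address."""
    failures, blocked, rules = Counter(), set(), []
    for line in lines:
        invalid = INVALID_USER.search(line)
        match = invalid or FAILED_PASSWORD.search(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # not a literal address: never pass it to iptables
        if ip in allowlist or ip in blocked:
            continue
        failures[ip] += 1
        # Assumed policy: unknown account names are blocked at once,
        # existing accounts get MAX_FAILURES attempts.
        if invalid or failures[ip] >= MAX_FAILURES:
            blocked.add(ip)
            rules.append(block_rule(ip))
    return rules

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    "sshd[811]: Invalid user admin from 203.0.113.5 port 40022",
    "sshd[812]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "sshd[813]: Failed password for root from 198.51.100.7 port 51001 ssh2",
    "sshd[814]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.7 port 51002 ssh2",
    "sshd[815]: Accepted password for alice from 192.0.2.10 port 50000 ssh2",
]

if __name__ == "__main__":
    for rule in process(SAMPLE):
        print(" ".join(rule))
```

The allowlist keeps a trusted management address from being locked out by its own failed logins.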

Getting an ebuild
Since sshdfilter is not available in portage, you'll have to place an ebuild in a local overlay, so go and set up a local overlay first. Note that the rest of this guide will assume your local overlay lives in. First, create the directory structure for the sshdfilter overlay.

Now create a new directory for the sshdfilter ebuild to live in, and cd into that directory:

Now get the sshdfilter ebuild. You can download the ebuild from Gentoo Bug 120764. Place it in the directory created above.

If you are running a 64-bit system, you will need to update the KEYWORDS line. Change line 11:

to

Finally, build the digest for the ebuild so that portage won't complain.

Installation
Now that you have an ebuild for sshdfilter, emerge it:

Configuration
Run the built-in configure commands from the ebuild.

Start sshdfilter
Finally, start sshdfilter.

If sshdfilter started, you should now be protected from most brute force attacks on sshd.