Assuming ssh brute force attacks.
Assuming the following IPTABLES configuration:
DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 120 hit_count: 10 TTL-Match name: sshprobe side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: sshprobe side: source