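{
    # Template fragment: appends to $OUT the shell commands that create the
    # SSH_Whitelist and SSH_Autoblock iptables chains. SSH_Autoblock uses the
    # "recent" match to send sources that exceed a hit count within a time
    # window to the denylog chain.
    #
    # Settings are read from the sshd record:
    #   AutoBlockTries - hit count that triggers the block (default 4)
    #   AutoBlockTime  - look-back window in seconds       (default 900)
    #   TCPPort        - destination port to match         (default 22)
    #
    # The values are interpolated verbatim into shell command lines, so each
    # one must be a plain positive integer. Anything else (stray whitespace,
    # shell metacharacters, leading zeros) is replaced by the default and a
    # warning is emitted, keeping the generated script well-formed.
    my $positive_int = sub {
        my ($prop, $default, $max) = @_;

        # Unset, empty and "0" fall back to the default.
        my $value = ${'sshd'}{$prop} || $default;

        # Nine digits at most, so the numeric comparison below is exact.
        my $ok = $value =~ /\A[1-9][0-9]{0,8}\z/
            && ( !defined $max || $value <= $max );
        return $value if $ok;

        # The rejected value is deliberately not echoed into the log.
        warn "sshd property $prop is not a valid positive integer; "
            . "using default $default\n";
        return $default;
    };

    # NOTE(review): xt_recent keeps only ip_pkt_list_tot timestamps per
    # source (module parameter, default 20). A larger --hitcount cannot match
    # and newer kernels refuse to load the rule, which would leave the chain
    # without its blocking rule. Confirm AutoBlockTries stays within it.
    my $abtries   = $positive_int->('AutoBlockTries', 4);
    my $abtime    = $positive_int->('AutoBlockTime',  900);
    my $sshd_port = $positive_int->('TCPPort',        22, 65535);

    # NOTE(review): SSH_Whitelist_1 is created empty here and denylog is not
    # defined in this fragment; presumably other fragments fill the whitelist
    # and define denylog - verify.
    # NOTE(review): the "--set" rule carries no protocol, port or state match,
    # so every packet that reaches SSH_Autoblock is recorded. This relies on
    # the rule that jumps into the chain selecting only the intended traffic
    # - confirm against the caller.
    $OUT .=<<"EOF";
    # Create a whitelist
    /sbin/iptables --new-chain SSH_Whitelist
    /sbin/iptables --new-chain SSH_Whitelist_1
    /sbin/iptables --append SSH_Whitelist -j SSH_Whitelist_1

    # Use recent packets match to block SSH from sites generating
    # $abtries connections within $abtime seconds
    # Check/clear IP block status in /proc/net/xt_recent/SSH
    /sbin/iptables --new-chain SSH_Autoblock

    # First check if not whitelisted
    /sbin/iptables --append SSH_Autoblock --proto tcp --dport $sshd_port \\
    	-m state --state NEW -j SSH_Whitelist

    /sbin/iptables --append SSH_Autoblock -m recent --set --name SSH
    /sbin/iptables --append SSH_Autoblock -m recent --rcheck --rttl \\
	--seconds $abtime --hitcount $abtries --name SSH -j denylog
EOF
}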
