{
    my $abtries = ${'sshd'}{'AutoBlockTries'} || "4";
    my $abtime = ${'sshd'}{'AutoBlockTime'} || "900";

    $OUT .=<<"EOF";

    # Use recent packets match to block SSH from sites generating
    # $abtries connections within $abtime seconds
    # Check/clear IP block status in /proc/net/ipt_recent/SSH
    /sbin/iptables --new-chain SSH_Autoblock
    /sbin/iptables --append SSH_Autoblock -m recent --set --name SSH
    /sbin/iptables --append SSH_Autoblock -m recent --rcheck --rttl \\
	--seconds $abtime --hitcount $abtries --name SSH -j denylog
EOF
}
