I forgot to mention, if the IPtables examples are useful they can make things ever more quiet if instead of "-j DROP" one uses "-j SET options" to add to an ipset, then use that same ipset in an outbound rule to tcp-reset the openssh socket to free up memory faster. Not really a big deal unless one gets flooded but probably useful to someone some day. Maybe I will do a little write-up on this.