On 07/07/2015 05:07 AM, sberg@mississippi.com wrote:
Have you looked at fail2ban?  It watches /var/log/secure for break in attempts/failed logins and dynamically adds iptables rules to block the bad guys.  It will do (automatically) pretty much what you're doing manually.
Thanks for your quick response.
Looked at fail2ban per your recommendation. It does monitor more ports than denyhosts. So I looked at how many different ports have been attacked on my computer, a total of over 4200.

Are these additional ports of no consequence? Or is it still good to lock the requesting ip address out?

You did not say whether my iptables setup was adequate or not so I presume that it is.

Thanks,

David


----- Original Message -----
From: dwoody5654 [mailto:dwoody5654@gmail.com]
To: users@lists.fedoraproject.org
Sent: Mon, 06 Jul 2015 22:35:51 -0500
Subject: iptables with logging vs denyhosts

I have been using denyhosts for almost a year. To date I have only 
prevented one person logging in and that is ME (I used the wrong login 
name).
Also, I know of no successful break-ins.

My iptables is as follows:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N block
-A INPUT -j block
-A FORWARD -j block
-A block -i wifi_card -p tcp -m tcp --dport 12123 -j ACCEPT
-A block -i Nic_external -p tcp -m tcp --dport 12123 -j ACCEPT
-A block -i Nic_enternal -j ACCEPT
-A block -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A block -i lo -m conntrack --ctstate NEW -j ACCEPT
-A block -j DROP

First, I think that the above will keep the bad guys out. Is that a true 
statement?

Secondly, I have added a LOG rule just above the DROP rule and I have 
been monitoring it for about 1 1/2 weeks. As each entry is logged I have 
been adding it to /etc/hosts.deny. Currently there are 4318 IP addresses 
in the file and the number of packets that have been logged is 51592.

Denyhosts is for stopping ssh attempts and nothing else as I understand it.

Having over 4300 lines in /etc/hosts.deny causes almost no delay in 
logging in remotely.

Am I being too paranoid about keeping the bad guys out or is the iptables 
above completely adequate?

I would very much like to hear your opinion on this.

David
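The manual loop David describes (read the LOG rule's output, copy each source address into /etc/hosts.deny) is what fail2ban automates, and it is worth seeing as code to make the caveat visible: because the LOG rule sits directly above the DROP rule, every packet it records was already discarded by iptables, so the hosts.deny entries only add protection for services that consult tcp_wrappers. The script below is an added example, not code from the thread or from fail2ban/denyhosts; it assumes the LOG rule was given `--log-prefix "IPT-DROP: "` and that the kernel messages land in /var/log/messages in the usual rsyslog format. The log lines are constructed (RFC 5737 documentation addresses), and the function names are the example's own.

```python
import re
from collections import Counter, defaultdict

# Prefix assumed on the LOG rule: iptables ... -j LOG --log-prefix "IPT-DROP: "
LOG_PREFIX = "IPT-DROP: "
# key=value fields netfilter's LOG target writes; only the ones we need are captured.
FIELD_RE = re.compile(r"\b(IN|SRC|DST|PROTO|SPT|DPT)=(\S*)")


def parse_log_line(line):
    """Return the interesting fields of one iptables LOG line, or None for other lines."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    dport = fields.get("DPT", "")
    return {
        "in": fields.get("IN", ""),
        "src": fields["SRC"],
        "proto": fields["PROTO"],
        # ICMP and other non-port protocols carry no DPT= field.
        "dport": int(dport) if dport.isdigit() else None,
    }


def summarize(lines):
    """Aggregate dropped packets per source address: packet count and ports probed."""
    per_src = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        entry = per_src[rec["src"]]
        entry["packets"] += 1
        if rec["dport"] is not None:
            entry["ports"].add(rec["dport"])
    return dict(per_src)


def hosts_deny_entries(per_src, min_packets=1, exclude=()):
    """Render /etc/hosts.deny lines for sources seen at least min_packets times.

    'exclude' holds addresses you never want to lock out (your own, for one).
    hosts.deny only gates services that consult tcp_wrappers; packets the
    iptables DROP rule already discarded are unaffected either way.
    """
    return [
        f"ALL: {src}"
        for src, entry in sorted(per_src.items())
        if entry["packets"] >= min_packets and src not in exclude
    ]


def port_histogram(per_src):
    """How many distinct sources probed each destination port."""
    hist = Counter()
    for entry in per_src.values():
        hist.update(entry["ports"])
    return hist


# Constructed sample: three scanning sources plus one unrelated sshd line.
SAMPLE_LOG = """\
Jul  6 22:35:51 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul  6 22:35:52 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=2 PROTO=TCP SPT=4445 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jul  6 22:36:10 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=3 PROTO=TCP SPT=5000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jul  6 22:36:11 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4 PROTO=UDP SPT=5001 DPT=5060 LEN=40
Jul  6 22:36:12 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0
Jul  6 22:36:13 host sshd[1234]: Accepted publickey for david from 192.0.2.44 port 51234 ssh2
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for line in hosts_deny_entries(summary, min_packets=2):
        print(line)
    for port, n in port_histogram(summary).most_common(3):
        print(f"port {port}: probed by {n} distinct sources")
```

Run against the real file with `summarize(open("/var/log/messages"))` and raise `min_packets` to taste; the port histogram answers the "which ports are being hit" question from the reply without touching hosts.deny at all.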