Iptables cheat sheet

Applicable to Debian 8.

Blocking IP addresses
Permanently block an IP address :

iptables -A INPUT -s a.b.c.d -j DROP

Unblock IP address :

iptables -D INPUT -s a.b.c.d -j DROP

Block and IP address for 60 seconds after 3 failed SSH login attempts :

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

The reference also gives info about how to set up logging.