I'm trying to use an IPTABLES rule that, using the recent module,
would block anyone trying to brute force ssh attack my box. Here are
the rules:

iptables -N ssh-drop
iptables -A ssh-drop -m limit --limit 2/minute -j LOG --log-prefix
iptables -A ssh-drop -j DROP
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name ssh --set
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name ssh --update
--seconds 60 --hitcount 5 -j ssh-drop

On a SLES 9 box I have this works fine and I get the SSH_THROTTLE:
message in my /var/log/messages when a user tries to ssh in too many
times unsuccessfully. Then after 1 minute they can try again and if
they put in the correct password they get in, if not it starts dropping
them again. So if someone is trying to brute force attack me they're
packets start hitting the floor and they don't stop until they fall
below the threshold. I got this from another linux admin. However, on
my OES Linux SP2 box instead of getting the SSH-THROTTLE message, I get
this message:

SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:06:5b:88
:5a:a9:00:0f:1f:70:c7:e3:08:00 SRC= DST= LEN=60
PREC=0x00 TTL=64 ID=10688 DF PROTO=TCP SPT=50534 DPT=22 WINDOW=5840
RES=0x00 SYN
URGP=0 OPT (020405B40402080A669C7E320000000001030300)

And the packets are never dropped. Any ideas on how to do this
(halting brute force ssh attacks) in OES Linux? Also, how do you make
these rules "stick" so they will still be there with a reboot? Also,
where is iptables storing these rules, or reading from so that I can
directly edit that file? Thanks.