I'm actually running it to block brute-force attacks every 3 mins and it works fine.

Ah, so you have brute force attacks on your SSH port(s)? Well, why didn't you write so in the first place!

I recommend reconfiguring the sshd daemon to listen on another *well known* port. That confuses 100% of the attackers (no more brute force attacks).

If the attacker starts banging on the other port, he or she will try to bang on the appropriate service on that port, but since there is something completely different listening, they can bang on it 'til the cows come home.

As a *theoretical* example, you could reconfigure sshd to listen on port 443. So when the attacker tries an attack on port 22, he/she will get zilch, because sshd isn't listening on that port any more.

However, the scan will reveal that you have port 443 open. So the attacker "knows" that you have an SSL httpd listening on that port. Except it's sshd instead! Imagine all the time they will waste with SSL-based attacks... on sshd!

