Here is the entirety of my iptables script.
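#!/bin/sh
# iptables control script: {start|stop|restart|reload}.
# Kept POSIX sh (no bashisms) so it can run from init on a minimal system.
set -e
PATH="/bin:/sbin:/usr/bin:/usr/sbin"

# Flush every table this script writes to, so stop and start are symmetric
# (the original stop left the nat table untouched).
flush_rules() {
  iptables -F
  iptables -t nat -F
}

# Install the default-deny ruleset for INPUT and FORWARD.
fw_start() {
  # Default Deny Policy. Set the policies *before* flushing: flushing first
  # leaves a window with no rules under whatever policy was in place
  # (ACCEPT after a stop), i.e. an open host until the rules are re-added.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  flush_rules
  # Existing connections
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Localhost is always trusted.
  iptables -A INPUT -i lo -j ACCEPT
  # Allow SSH, WWW, DNS, WEBMIN, POP3, SMTP, IMAP2, HTTPS, FTP, GKRELLM
  # SSH: only NEW connections are rate-limited, per source address, to
  # 1/min plus hashlimit's default burst; established sessions are matched
  # by the ESTABLISHED,RELATED rule above and are unaffected.
  iptables -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
  # Plain TCP services, in the same order as the original rule list.
  for port in 80 25 53 10000 110 113 143 443 993 995 10001; do
    iptables -A INPUT -m state --state NEW -p tcp --syn --dport "$port" -j ACCEPT
  done
  # DNS over UDP.
  iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
  # Ping.
  iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
}

# Open the host up: accept-all policies and no rules.
fw_stop() {
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  flush_rules
}

# Print usage to stderr and fail, so init systems see a bad invocation.
usage() {
  printf 'Usage: %s {start|stop|reload|restart}\n' "$0" >&2
  exit 1
}

case "$1" in
  start)
    fw_start
    ;;
  stop)
    fw_stop
    ;;
  restart|reload)
    # Stop, then start. The original ran start then stop, which ended a
    # restart with ACCEPT policies and an empty ruleset.
    fw_stop
    fw_start
    ;;
  *)
    usage
    ;;
esac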
As you can see in the SSH line, every time an IP attempts to connect via SSH and fails, it has to wait, and every time it attempts to connect and fails again, that wait is compounded. This essentially stops brute-force SSH attempts dead.