>>101228855
Before all that in the raw table, insert
-A PREROUTING -d [your wan ip] -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m tcpmss ! --mss 1220:1460 -j DROP
Do a tcpdump before you ssh and tighten up that mss range to something closer to what you use. 1460 alone is ideal, but if you ssh from your phone that will vary.
If you only ssh from a workstation using mac, bsd or linux you can also drop bots based on TTL.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -d [your wan ip] --syn -m ttl --ttl-gt 64 -j DROP
Most bots are on wireless devices with a TTL greater than 200. Windows is 128. If you ssh from Windows, change 64 to 128.
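
Added example, not part of the post above: a small filter that reads `tcpdump -nn -v` text and reports, for each bare SYN, the MSS and TTL seen and which of the two rules would drop it, so you can check your own client's values before tightening the range. The function names, the MSS_LO/MSS_HI/TTL_MAX variables and the ssh.pcap file name are assumptions of this example, and the sample capture is constructed with documentation addresses.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn -v` output (two text lines per packet).
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP (tos 0x0, ttl 57, id 4211, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.51234 > 203.0.113.10.22: Flags [S], cksum 0x1a2b (correct), seq 1, win 64240, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
12:00:02.000001 IP (tos 0x0, ttl 243, id 9001, offset 0, flags [none], proto TCP (6), length 44)
    192.0.2.44.40001 > 203.0.113.10.22: Flags [S], cksum 0x2b3c (correct), seq 2, win 1024, options [mss 1400], length 0
12:00:03.000001 IP (tos 0x0, ttl 52, id 77, offset 0, flags [none], proto TCP (6), length 44)
    192.0.2.91.40002 > 203.0.113.10.22: Flags [S], cksum 0x3c4d (correct), seq 3, win 5840, options [mss 536], length 0
12:00:04.000001 IP (tos 0x0, ttl 116, id 300, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.23.49777 > 203.0.113.10.22: Flags [S], cksum 0x4d5e (correct), seq 4, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
EOF
}

# Defaults mirror the two rules in the post: MSS outside 1220:1460 is dropped
# first, then any remaining SYN arriving with TTL greater than 64.
classify_syns() {
  awk -v lo="${MSS_LO:-1220}" -v hi="${MSS_HI:-1460}" -v tmax="${TTL_MAX:-64}" '
    # First line of each packet: remember the TTL for the line that follows.
    match($0, /ttl [0-9]+/) { ttl = substr($0, RSTART + 4, RLENGTH - 4) + 0; next }
    # Second line: only bare SYNs (Flags [S]) are what both rules match on.
    /Flags \[S\],/ {
      src = $1; sub(/\.[0-9]+$/, "", src)   # strip the source port
      mss = -1                              # a SYN without an MSS option is treated as out of range here
      if (match($0, /mss [0-9]+/)) mss = substr($0, RSTART + 4, RLENGTH - 4) + 0
      verdict = "PASS"
      if (mss < lo || mss > hi) verdict = "DROP-mss"
      else if (ttl > tmax)      verdict = "DROP-ttl"
      printf "%s mss=%d ttl=%d %s\n", src, mss, ttl, verdict
    }
  '
}

# With a saved capture (hypothetical file name): tcpdump -nn -v -r ssh.pcap | classify_syns
sample_capture | classify_syns
```

Run it with MSS_LO and MSS_HI both set to 1460 to see what the tighter range would do to the same capture.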