Fail2ban is a complementary tool to your firewall. It works by scanning log files and bans IPs which present suspicious activity such as failed logins. It is compatible with many UNIX-like systems and is a security tool to have in your arsenal. It can filter not only ssh logins, but other services too, for example CMS web sites as WordPress or Drupal, repositories such as your own GitLab, and even your Postfix (or other) mail server.