If you always have the same ip, use ufw to allow only that ip to connect.
/usr/sbin/ufw allow from YOUR-IP to any port 22 proto tcp
I have dynamic ip and use this script, works great.
`#!/bin/bash
PATH=/root:/bin:/sbin:/usr/local/bin:/usr/sbin:/usr/local/sbin
HOSTNAME=MY PERSONAL NOIP-ADRESS
LOGFILE=/root/cron/iptables-update.log
Current_IP=$(/usr/bin/host $hostname | head -n1 | cut -f4 -d ' ')
if [ ! -f $LOGFILE ]; then
/usr/sbin/ufw allow from $Current_IP to any port 16100 proto tcp
echo $Current_IP > $LOGFILE
else
Old_IP=$(cat $LOGFILE)
if [ "$Current_IP" = "$Old_IP" ] ; then
echo IP address has not changed
else
/usr/sbin/ufw delete allow from $Old_IP to any port 16100 proto tcp
/usr/sbin/ufw allow from $Current_IP to any port 16100 proto tcp
echo $Current_IP > $LOGFILE
echo iptables have been updated
fi
fi
exit 0`