iptables is a good way to go about it, but at most application layers you also have the use of tcpwrappers. you can permit certain sources only at aplication level using the abstraction in the /etc/hosts.allow and /etc/hosts.deny files: http://www.ssh.com/support/documenta...s_Support.html
this page is handy, i'd assume that you openssh server is already configured to use it, so ignore teh first part, but the examples at the bottom should help you a lot.
iptables isn't as scary as you may think, but then you may prefer to look at using a wrapper tool, like the gtk interface, firestarter.
but why do you have your server facing the internet directly anyway? why do you not have some form of dedicated firewall in between?