Sure, a firewall would help. Especially block SSH (22) if it may be accessible from outside. Of course you can enable specific IP or netblocks if you need to access it remotely and if the the source address is known.
A few years earlier I played with PSAD. It analyzes known attack patterns and block intruders concerned spontaneously. I think it is worth exploring too.
psad - Intrusion Detection with iptables, iptables Log Analysis, iptables Policy Analysis
With all these, still, make sure you revise the logs from time to time to check if you are being subject to new attack patterns.