I would like to stop unauthorized attempts to log on to my sshd server via
the following iptables rules:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
As far as I understand iptables, it should generate a timer that drops
new connection attempts as long as there are 4 attempts within 60 seconds.
But when I try from an external IP, I can try to connect as often as I
want and don't get dropped :-(
Is there anything wrong with the syntax?
Thanks for any help!
Tanja
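
The two rules in the post above, modelled in Python as an added example that is not part of the original message: it replays a series of new-connection times through the rule pair in the order `iptables -I` leaves them. The model is a simplification of the documented `--set` / `--update` behaviour; the class and function names, the 20-timestamp cap and the source address are assumptions made for the illustration.

```python
# Added example: a simplified model of the "recent" match, not kernel code.
PKT_LIST_TOT = 20  # assumption: default number of timestamps kept per address

class RecentList:
    def __init__(self):
        self.stamps = {}  # source IP -> list of timestamps (seconds)

    def _touch(self, src, now):
        self.stamps[src] = (self.stamps.get(src, []) + [now])[-PKT_LIST_TOT:]

    def set(self, src, now):
        """--set: add the address or a new timestamp for it; always matches."""
        self._touch(src, now)
        return True

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount H: match when the address already has
        at least H timestamps from the last S seconds; refresh only on a match."""
        hits = sum(1 for t in self.stamps.get(src, []) if now - t <= seconds)
        if hits >= hitcount:
            self._touch(src, now)
            return True
        return False

def input_chain(recent, src, now):
    """Verdict for one NEW packet to tcp/22. Both rules were added with -I,
    so the --update rule (inserted last) sits above the --set rule."""
    if recent.update(src, now, seconds=60, hitcount=4):
        return "DROP"
    recent.set(src, now)  # no -j target: record and keep traversing the chain
    return "CONTINUE"

def simulate(times, src="203.0.113.7"):  # constructed documentation address
    recent = RecentList()
    return [input_chain(recent, src, t) for t in times]

if __name__ == "__main__":
    # Constructed input: one new connection every 10 s, then a pause.
    times = [0, 10, 20, 30, 40, 50, 111]
    for t, verdict in zip(times, simulate(times)):
        print(f"t={t:>3}s  {verdict}")
```

Each timestamp stands for one NEW packet, that is one TCP connection; several password prompts inside a single SSH connection count once.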