In general, it is a standard shore-wall firewall rule in perl, and the standard ssh protocol wrapper mod.
These are very well documented tricks, and when combined with a standard port 22 and interleaved knock ports tripwire 5 day ban rules... are quite effective against scanners too.
I am currently on the clock, so can't write up a detailed tutorial right now.
