How to stop brute force!

Someone has been trying to brute force into our Pi for a WHILE now non-stop. Each second they're trying new combination of user and password. We're using port-forwarding so it always shows the router ip.. We wanted to set up a system that will ban the ip if it gets to a specific number of failed log-ins (caused from wrong password). (Either that or just block him generally), But we couldn't manage to set it up correctly. Is there maybe a program or config that can help with this?

fail2ban

If the IPs is from the same ip network you can also add an firewall rule to block it. Or a more secure way is to only allow IP or IP blocks you are accessing it from.