There isn’t lots of ways to do it; there’s just the one: firewall rules. There just happens to be lots of different types of filewalls.
If you want to get clever then you can enable port knocking but my personal preference is just good old fashioned whitelist of IPs with fail2ban running ready to auto-blacklist any of those IPs that have too many failed login attempts in a given period of time.