that ISPconfig have in administration own firewall. There you can close ports but I think you will not help yourselve.
I think you can change ssh port from 22 to 2222. And you can that port allow only on some ipaddress.
Thats I think all. Ispconfig use fail2ban thats good protection I think if you dont use password like "123456"