Assuming that you are using the default port 22 for SSH, the following command will allow SSH on the INPUT chain.

• Notice the -m or --match option contains a value of conntrack. conntrack stands for "connection tracking", which is the state of the SSH connection.
• Notice the --ctstate option contains the NEW and ESTABLISHED values. ctstate stands for "connection state". --ctstate is only used when --match connstate is specified. NEW, ESTABLISHED, RELATED and INVALID are the possible states.
• Notice the -s or --source option contains 192.168.0.0/24, to only allow connections within the 192.168.0 subnet. This parameter is optional. Of course, some other IP address or subnet could be specified. If not used, connections will be allow from an source IP address.
• The --syn flag ensure that the SYN flag has been set in the TCP header

The following will only allow NEW and ESTABLISHED SSH connections on the INPUT chain.

iptables -A INPUT -p tcp --dport 22 --match conntrack --ctstate NEW,ESTABLISHED --source 192.168.0.0/24 --syn -j ACCEPT

The following will only allow ESTABLISHED connections on the OUTPUT chain.

iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

The -L or --list option can be used to display the rules to ensure the rule was added. Something like this should be displayed.

Chain INPUT (policy ACCEPT 11 packets, 897 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     192.168.0.0/24       anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN ctstate NEW,ESTABLISHED

The iptables-save command will need to be used to permanently save iptables.