[[https://www.fail2ban.org/wiki/index.php/Main_Page|fail2ban]] scans log files and bans malicious IPs. Default values are quite gentle - change ''bantime'' (the duration in seconds for IP to be banned for - default 10 minutes) and ''findtime'' (unban the IP if no match is found in the logs within "findtime" seconds). For some services, say ssh and mail, you can increase these values - for example, set ''findtime'' to 24 hours (if it is too short, you loose a lot of blocked IP when you restart fail2ban) and ''bantime'' to 8 hours. bantime = 28800 #ban for 8h findtime = 86400 #use logs of last 24h maxretry = 3 #default