fail2ban scans log files and bans malicious IPs. Default values are quite gentle - change bantime
(the duration in seconds for IP to be banned for - default 10 minutes) and findtime
(unban the IP if no match is found in the logs within “findtime” seconds).
For some services, say ssh and mail, you can increase these values - for example, set findtime
to 24 hours (if it is too short, you loose a lot of blocked IP when you restart fail2ban) and bantime
to 8 hours.
bantime = 28800 #ban for 8h findtime = 86400 #use logs of last 24h maxretry = 3 #default