fail2ban scans log files and bans malicious IPs. Default values are quite gentle - change
bantime (the duration in seconds for IP to be banned for - default 10 minutes) and
findtime (unban the IP if no match is found in the logs within “findtime” seconds).
For some services, say ssh and mail, you can increase these values - for example, set
findtime to 24 hours (if it is too short, you loose a lot of blocked IP when you restart fail2ban) and
bantime to 8 hours.
bantime = 28800 #ban for 8h findtime = 86400 #use logs of last 24h maxretry = 3 #default