# vim: ts=2 {...}: { services.fail2ban = { enable = true; maxretry = 2; # ban after 2 failures daemonConfig = '' [Definition] logtarget = SYSLOG socket = /run/fail2ban/fail2ban.sock pidfile = /run/fail2ban/fail2ban.pid dbfile = /srv/fail2ban/fail2ban.sqlite3 ''; bantime-increment = { enable = true; rndtime = "8m"; overalljails = true; multipliers = "2 4 16 128 256"; maxtime = "72h"; }; jails = { dovecot = '' # block IPs which failed to log-in # aggressive mode add blocking for aborted connections enabled = true filter = dovecot[mode=aggressive] maxretry = 2 ''; }; }; }