Forward TCP Connections with Iptables
Sometimes it is useful to forward a tcp connection to another server. For example if you want to switch a web service to another servers with no DNS delay.
read on
Fail2Ban Debian Cheat Sheet
apt-get install fail2ban
Set the LogLevel parameter within /etc/ssh/sshd_config from INFO to VERBOSE. This allows fail2ban to read failed login attempts.
LogLevel VERBOSE
Restart sshd
/etc/init.d/ssh restart
Change the action parameter within the jail.conf to action_mwl. Otherwise you will not get any e-mail notification about banned ips.
action = %(action_mwl)s
Finally make sure that your ssh section within jail.conf is enabled and points to the correct logfile.