Fail2Ban

Fail2ban is a program that parses logs and and block servers that try to abuse your system. While it doesn't replace a firewall, it's a good complement as it prevents people from trying thousands of password on your server.

Installation
Debian Stretch (currently in testing) contain a much nicer version of fail2ban than Jessie (current stable). Configuration has been simplified a lot between the two releases and installing the version from stretch will save you from migration pain later. Make sure you configure stretch source before running the command bellow.

Configuration
After you change configuration, or add a new jail, don't forget to restart fail2ban

Defaults
Create file

Recidive
The recidive rule ban users for a longer period if they have been banned multiple time in a row.

Create file

Other rules
Rules specific to one program are documented on the program page. You can see the list on the fail2ban category page.