====== - Setup fail2ban to mitigate DDOS ======
* https://linuxhint.com/setup-ips-fail2ban/
Installation:

  sudo apt-get install fail2ban
  sudo systemctl start fail2ban
  sudo systemctl enable fail2ban

Config (edit the local copy, not jail.conf):

  sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  sudo vim /etc/fail2ban/jail.local

  [DEFAULT]
  ignoreip = 127.0.0.1/8 192.168.18.10/32
  bantime = 10d
  maxretry = 2
  findtime = 600

  [sshd]
  enabled = true
  port = ssh
  filter = sshd
  logpath = /var/log/auth.log
  maxretry = 3

Restart the service to apply the changes:

  sudo systemctl restart fail2ban.service

See status:

  cat /var/log/fail2ban.log
  sudo fail2ban-client status
  sudo fail2ban-client status sshd

  Status for the jail: sshd
  |- Filter
  |  |- Currently failed: 0
  |  |- Total failed: 3
  |  `- File list: /var/log/auth.log
  `- Actions
     |- Currently banned: 1
     |- Total banned: 1
     `- Banned IP list: 61.177.172.145

Unban IP:

  sudo fail2ban-client set sshd unbanip 192.168.43.35
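
How the [sshd] settings above interact, as an added example (a simplified model, not fail2ban's own code): an address is banned once it reaches maxretry failures inside a findtime window, and ignoreip addresses are never counted. The regex, the function name ''simulate'' and the log lines are assumptions constructed for this illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Settings taken from the jail.local above; [sshd] maxretry overrides [DEFAULT].
IGNOREIP = [ipaddress.ip_network(n, strict=False)
            for n in ("127.0.0.1/8", "192.168.18.10/32")]
MAXRETRY = 3
FINDTIME = 600  # seconds

# Simplified stand-in for the sshd filter: IPv4 "Failed password" lines only.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ "
                    r"from (\d+\.\d+\.\d+\.\d+) port")

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:01 srv sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:09 srv sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:15 srv sshd[813]: Failed password for root from 192.168.18.10 port 50001 ssh2
Mar  3 10:00:16 srv sshd[814]: Failed password for root from 192.168.18.10 port 50002 ssh2
Mar  3 10:00:17 srv sshd[815]: Failed password for root from 192.168.18.10 port 50003 ssh2
Mar  3 10:00:20 srv sshd[816]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  3 10:01:00 srv sshd[817]: Failed password for root from 198.51.100.7 port 41000 ssh2
Mar  3 10:08:00 srv sshd[818]: Failed password for root from 198.51.100.7 port 41001 ssh2
Mar  3 10:12:00 srv sshd[819]: Failed password for root from 198.51.100.7 port 41002 ssh2
"""

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, year=2024):
    """Return {ip: time of ban} for a sliding-window failure count."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied for parsing.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if str(ip) in banned or any(ip in net for net in IGNOREIP):
            continue              # already banned, or whitelisted by ignoreip
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            banned[str(ip)] = ts
    return banned

if __name__ == "__main__":
    for ip, when in simulate(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} at {when}")
```

In the sample, 198.51.100.7 spreads its three failures over 11 minutes and stays under the threshold, which is the trade-off to weigh when choosing findtime.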