Set findtime to 60 (one minute) to make it simple to understand.

debian/resources/fail2ban/jail.local

@@ -5,8 +5,8 @@ protocol = ssh
 filter   = sshd
 logpath  = /var/log/auth.log
 action   = iptables-allports[name=sshd, protocol=all]
-maxretry = 3
-findtime = 30
+maxretry = 6
+findtime = 60
 bantime  = 86400
 
 [freeswitch]
@@ -17,8 +17,8 @@ filter   = freeswitch
 logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=freeswitch, protocol=all]
-maxretry = 5
-findtime = 30
+maxretry = 10
+findtime = 60
 bantime  = 3600
 #          sendmail-whois[name=FreeSwitch, dest=root, [email protected]] #no smtp server installed
 
@@ -31,7 +31,7 @@ logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=freeswitch-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
 
 [auth-challenge-ip]
@@ -43,7 +43,7 @@ logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=auth-challenge-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
 
 [sip-auth-challenge]
@@ -54,8 +54,8 @@ filter   = sip-auth-challenge
 logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=sip-auth-challenge, protocol=all]
-maxretry = 50
-findtime = 30
+maxretry = 100
+findtime = 60
 bantime  = 7200
 
 [sip-auth-failure]
@@ -66,8 +66,8 @@ filter   = sip-auth-failure
 logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=sip-auth-failure, protocol=all]
-maxretry = 3
-findtime = 30
+maxretry = 6
+findtime = 60
 bantime  = 7200
 
 [fusionpbx-404]
@@ -78,8 +78,8 @@ filter   = fusionpbx-404
 logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=fusionpbx-404, protocol=all]
-maxretry = 3
-findtime = 30
+maxretry = 6
+findtime = 60
 bantime  = 86400
 
 [fusionpbx]
@@ -90,8 +90,8 @@ filter   = fusionpbx
 logpath  = /var/log/auth.log
 action   = iptables-allports[name=fusionpbx, protocol=all]
 #          sendmail-whois[name=fusionpbx, dest=root, [email protected]] #no smtp server installed
-maxretry = 10
-findtime = 30
+maxretry = 20
+findtime = 60
 bantime  = 3600
 
 [fusionpbx-mac]
@@ -102,8 +102,8 @@ filter   = fusionpbx-mac
 logpath  = /var/log/syslog
 action   = iptables-allports[name=fusionpbx-mac, protocol=all]
 #          sendmail-whois[name=fusionpbx-mac, dest=root, [email protected]] #no smtp server installed
-maxretry = 5
-findtime = 30
+maxretry = 10
+findtime = 60
 bantime  = 86400
 
 [nginx-404]
@@ -114,8 +114,8 @@ filter   = nginx-404
 logpath  = /var/log/nginx/access*.log
 action   = iptables-allports[name=nginx-404, protocol=all]
 bantime  = 3600
-findtime = 30
-maxretry = 120
+findtime = 60
+maxretry = 300
 
 [nginx-dos]
 # Based on apache-badbots but a simple IP check (any IP requesting more than
@@ -126,6 +126,6 @@ protocol = tcp
 filter   = nginx-dos
 logpath  = /var/log/nginx/access*.log
 action   = iptables-allports[name=nginx-dos, protocol=all]
-findtime = 30
+findtime = 60
 bantime  = 86400
-maxretry = 300
+maxretry = 800