I have fail2ban working for sshd on Bookworm. My jail.local file looks like this: [sshd] bantime = 2d enabled = true mode = extra port = 2222 filter = sshd[mode=aggressive] backend = systemd journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd maxretry = 1 findtime = 300