+# Configuration of the bouncer daemon
+
Bouncer {
# Socket through which we receive log messages
# On the first login failure, we remember that an IP address is suspect
# and start counting failures. After too much failures, the address is banned.
-MaxFailures 10
+MaxFailures 9
-# When a suspect address generates no more failure for this many seconds,
-# it is forgotten.
-MaxSuspectTime 300
+# When a suspect address produces no further failures within this time [sec],
+# it is acquitted and forgotten.
+SuspectTime 600
# Bans are lifted after this many seconds.
-MaxBannedTime 3600
+BannedTime 3600
+
+# After a ban is lifted, the IP address undergoes further probation. If it
+# produces more failures within the probation period, it is banned again.
+MaxProbation 1
+
+# When an address is banned again during probation, its ban time is multiplied
+# by BannedAgainCoeff, but it cannot exceed MaxBannedTime [sec].
+BannedAgainCoeff 2
+MaxBannedtime 86400
+
+# Probation expires after [sec]
+ProbationTime 600
# Limit on the number of suspect addresses and bans we keep in memory
-MaxSuspects 1000
-MaxBanned 1000
+MaxCulprits 1000
# We log all messages to the log stream configured below
-# LogStream syslog
+LogStream syslog
# Names of ipsets we feed the banned addresses to
# (you can omit either to disable processing of IPv4 or IPv6)