More fun: setup a fail2ban actionban script that instead of banning the IP, shapes the traffic coming from it to have abysmal bandwidth so requests/responses takes really long time, so they'll have to timeout instead of getting failures.

This is known as tarpitting, and apparently iptables can do it: https://en.wikipedia.org/wiki/Tarpit_%28networking%29

Neat, didn't know that! Think before I've used Traffic Control (tc) for it, but iptables would be simpler.

Available in `xtables-addons` it seems. After install:

    iptables -A INPUT -p tcp -s $SOURCE_IP -j TARPIT # add IP to tarpit
    iptables -D INPUT -p tcp -s $SOURCE_IP -j TARPIT # remove IP from tarpit

This is hilarious