>There is no need to duplicate the threshold check. I'm not duplicating the check. I was just considering using the logged, recorded checks (of a minimum value) and making use of those. They could trigger a ban of the IP via fail2ban's respective jail's frequency settings, based on those log entries.
But I understand other than getting the entries out of the logs, postscreen can handle these without help from the firewall.
