sudo nano /etc/fail2ban/filter.d/packetflood.conf
[Definition]
failregex = .*SRC=<HOST>.*dpt=.* packets: [2-9][0-9]{3,} .*
ignoreregex =
sudo nano /etc/fail2ban/jail.local
[packetflood-blackhole]
enabled = true
filter = packetflood
action = blackhole
logpath = /var/log/syslog
maxretry = 1
bantime = 900
sudo nano /etc/fail2ban/action.d/blackhole.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ip route add blackhole <ip>
actionunban = ip route del blackhole <ip>
sudo systemctl restart fail2ban
sudo fail2ban-client status packetflood-blackhole