So you've chosen benevolence!
fail2ban supports many more uses, but requires too much attention to configure
correctly; benevolence is opinionated, so you don't have to be.
Opinions
* nft > iptables
* logs should be low noise; banning noisy hosts helps
* lying is proof of malign intent
* binary logs are dumb
* firewall configuration isn't benevolence's job