my settings are;
Ban time (s): 3600
Max. ban time (s): 10000
Ban time is incremented with each ban: enabled
Max. attempts: 3
Retry window (s) for max. attempts: 120
IPv4 subnet size to apply ban on (8-32): /32
IPv6 subnet size to apply ban on (8-128): /128
I also blacklist IP addresses that attempt to enter incorrect passwords at regular intervals.