Fail2Ban filter and jail for Kerberos (krb5-kdc)

jail.local

[krb5kdc]
enabled  = true
filter   = krb5kdc
bantime = 86400
maxretry = 6
backend = systemd
banaction = iptables-allports
protocol = all

krb5kdc.conf

[INCLUDES]
before = common.conf

[Definition]
_daemon = krb5kdc
failregex = AS_REQ \([\w\s{}]+\) <HOST>: (PREAUTH_FAILED|CLIENT_NOT_FOUND):
ignoreregex =

[Init]
# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10
journalmatch = _SYSTEMD_UNIT=krb5-kdc.service + _COMM=krb5-kdc