This is a very quick and dirty rundown on what to do to set up PSAD to manage blocking naughty people. There are lots of guides with a lot of fluff. This is a bare-bones, no-BS version of this. I have run this through Ubuntu 16.10, but you may be lucky!

sudo iptables -P INPUT ACCEPT
sudo iptables -F
sudo iptables -S
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT

(repeat, but change the port number for any other services the line above, setting tcp or udp depending what is needed)

sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG
sudo iptables -A INPUT -j DROP
sudo ip6tables -S
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo ip6tables -A INPUT -p udp --dport 53 -j ACCEPT

(repeat, but change the port number for any other services the line above, setting tcp or udp depending what is needed)

sudo ip6tables -A INPUT -j LOG
sudo ip6tables -A FORWARD -j LOG
sudo ip6tables -A INPUT -j DROP

sudo apt install psad iptables-persistent fail2ban

Select ‘Y’ to save the existing IPTables.

sudo service iptables-persistent start
sudo psad --sig-update
vi /etc/psad/psad.conf

Find and edit the lines containing:

EMAIL_ADDRESSES - add your email address in

HOSTNAME - add your server hostname here

IPT_SYSLOG_FILE needs to be changed to /var/log/syslog;

EMAIL_ALERT_DANGER_LEVEL Set this to 4 so that you dont get spammed.

ENABLE_AUTO_IDS set to Y;

AUTO_IDS_DANGER_LEVEL set to2; (Higher 3-5 if you want it to be less reactive)

AUTO_BLOCK_TIMEOUT set to 300; to block machines for 5 minutes

Save, and start PSAD:

service psad restart