by boring_twenties 2109 days ago
I don't like it because it opens up the possibility of someone on the same network as me locking me out of my own server.

Sure, it's unlikely, but I don't see what I'd be gaining using fail2ban in the first place. I don't leave password authentication enabled, of course.

Log spam is a bit annoying, but at the end of the day, who cares? Even with the ongoing attempts, my authlog is like 300K uncompressed today and 60-120K per day gzipped. Whatever.

If I cared about that I would prefer to just block Chinese IP ranges outright.

1 comments

If you're passing through a NAT, you can whitelist your own IP.

Something like: fail2ban-client set <JAIL> addignoreip x.x.x.x or fail2ban-client set <JAIL> addignoreregex hostname.com

Sure. But why? We're talking about 1MB to keep a week's worth of logs. It's just not worth even a minor hassle, or the most remote possibility of failure.

It's not about logs, it's about defense layers.