I'm trying to get Fail2Ban setup and I can't get it to filter the multiple connect requests. I do have block list enabled as well but I want some extra protection, just in case... :)

Using fail2ban-regex to confirm my expression does show that it's picking up the entries in node*.log, but it's still not filtering.

My regex string is
failregex = Connect from <HOST> \(*

jail.local reads:
[mystic]
enabled = true
port = 23
filter = mystic
logpath = /mystic/logs/node*.log
maxretry = 2
findtime = 120
bantime = 900

Any ideas?

--- Mystic BBS v1.12 A38 2018/01/01 (Linux/32)
* Origin: The Vista BBS - Vallejo, CA USA (21:1/142)