Install and configure fail2ban on gw
Judging by the logwatch emails, gateway isn't denying hosts properly. We need to move from denyhosts to fail2ban (or another alternative) in the future anyway, so gw would be a good starting point.
- Needs to be reasonably strict at locking people out
- Exemptions for traffic from SUCS
- Exemption (or at least less trigger happy) for traffic from campus
- Some sort of reporting (feed to cacti/collectd etc, logwatch etc)