Is there a way to to temporarily lockout a IP that does too many incorrect passwords and ban them if they continue? Also if there is a feature like that is there a way to add your IP address so you don’t get banned?
Earlier, even I misunderstood and thought it would be a nice feature request, just like it is in CSF firewall. It works a bit different than fail2ban.
But fail2ban will do that for you too, if properly configured.
That is easy to configure. You can open in the configuration area in Hestia, go to firewall settings and block that Single IP or the IP/24. It will remain in the system blocked until you remove it from the settings. So it will not be a temporary one, though.
A temporary block could be easily achieved through the CSF firewall, if you want to have a more advanced solution. CSF will do that automatically for you, if you configure it in csf.conf properly.