diff --git a/config/jail.conf b/config/jail.conf
index c6d3384f..23e30c83 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -436,33 +436,34 @@ logpath = /var/log/exim/mainlog
 [exim-spam]
 
 enabled = false
-filter = exim-spam
-action = iptables-multiport[name=exim-spam,port="25,465,587"]
+filter  = exim-spam
+action  = iptables-multiport[name=exim-spam,port="25,465,587"]
 logpath = /var/log/exim/mainlog
 
 
 [perdition]
 
 enabled = false
-filter = perdition
-action = iptables-multiport[name=perdition,port="110,143,993,995"]
+filter  = perdition
+action  = iptables-multiport[name=perdition,port="110,143,993,995"]
 logpath = /var/log/maillog
 
 
 [uwimap-auth]
 
 enabled = false
-filter = uwimap-auth
-action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
+filter  = uwimap-auth
+action  = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
 logpath = /var/log/maillog
 
 
 [osx-ssh-ipfw]
 
-enabled = false
-filter = sshd
-action = osx-ipfw
-logpath = /var/log/secure.log
+enabled  = false
+filter   = sshd
+action   = osx-ipfw
+logpath  = /var/log/secure.log
+maxretry = 5
 
 
 [ssh-apf]
@@ -471,22 +472,24 @@ enabled = false
 filter  = sshd
 action  = apf[name=SSH]
 logpath = /var/log/secure
+maxretry = 5
 
 
 [osx-ssh-afctl]
 
-enabled = false
-filter = sshd
-action = osx-afctl[bantime=600]
-logpath = /var/log/secure.log
+enabled  = false
+filter   = sshd
+action   = osx-afctl[bantime=600]
+logpath  = /var/log/secure.log
+maxretry = 5
 
 
 [webmin-auth]
 
 enabled = false
-filter = webmin-auth
-action = iptables-multiport[name=webmin,port="10000"]
-logpath  = /var/log/auth.log
+filter  = webmin-auth
+action  = iptables-multiport[name=webmin,port="10000"]
+logpath = /var/log/auth.log
 
 
 # dovecot defaults to logging to the mail syslog facility
@@ -494,22 +497,22 @@ logpath  = /var/log/auth.log
 [dovecot]
 
 enabled = false
-filter = dovecot
-action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
+filter  = dovecot
+action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
 logpath = /var/log/mail.log
 
 
 [dovecot-auth]
 
 enabled = false
-filter = dovecot
-action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
+filter  = dovecot
+action  = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
 logpath = /var/log/secure
 
 
 [selinux-ssh]
 enabled = false
-filter = selinux-ssh
-action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
-logpath = /var/log/audit/audit.log
-
+filter  = selinux-ssh
+action  = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
+logpath  = /var/log/audit/audit.log
+maxretry = 5