Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public facing reverse proxy).

I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.

I’m guessing it’s because the developers either have a different speciality that they focus on, are employed to support specific hardware, or both.

Yeah, but this is (according to OP) faster, which saves money. And, because it’s open, if there are features that could add serious value, they could be added in-house.

But yeah, perhaps a bit of a pyrrhic victory.