diff --git a/modules/default.nix b/modules/default.nix
index 211b0e0..8b00b7c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,6 +3,7 @@
     imports = [
       ./caddy
       ./dungflix
+      ./fail2ban
       ./monitoring
       ./synapse
       ./golink
diff --git a/modules/fail2ban/default.nix b/modules/fail2ban/default.nix
new file mode 100644
index 0000000..2312953
--- /dev/null
+++ b/modules/fail2ban/default.nix
@@ -0,0 +1,14 @@
+{...}:
+{
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    ignoreIP = [
+      "127.0.0.1/8"
+      "10.0.0.0/8"
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+      "8.8.8.8"
+    ];
+  };
+}