diff --git a/prudentia/files/file2ban/jail.local.j2 b/prudentia/files/file2ban/jail.local.j2
new file mode 100644
index 0000000..37a7f75
--- /dev/null
+++ b/prudentia/files/file2ban/jail.local.j2
@@ -0,0 +1,19 @@
+[ssh]
+
+enabled = true
+
+port = ssh
+
+filter = sshd
+
+logpath = /var/log/auth.log
+
+action = hostsdeny[file=/etc/hosts.deny]
+
+maxretry = 3
+
+ignoreip = 127.0.0.1/8 {% if whitelistedips is defined %} {% for host in whitelistedips %} {{host}} {% endfor %} {% endif %}
+
+findtime = 300
+
+bantime = -1
diff --git a/prudentia/tasks/fail2ban.yml b/prudentia/tasks/fail2ban.yml
new file mode 100644
index 0000000..3f8def1
--- /dev/null
+++ b/prudentia/tasks/fail2ban.yml
@@ -0,0 +1,24 @@
+---
+ # Parameters:
+ # prudentia_dir (provided)
+ # whitelistedips (optional) list of ips for /etc/hosts.allow
+
+ - name: Fail2Ban | Install fail2ban
+ apt: pkg=fail2ban state=installed update-cache=yes
+ sudo: yes
+ tags:
+ - fail2ban
+
+ - name: Fail2Ban | local fail2ban jail config
+ template: src={{prudentia_dir}}/files/file2ban/jail.local.j2 dest=/etc/fail2ban/jail.local
+ sudo: yes
+ tags:
+ - fail2ban
+
+ - name: Fail2Ban | reload fail2ban
+ service: name=fail2ban state=reloaded
+ sudo: yes
+ tags:
+ - fail2ban
+
+
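Review bot: `bantime = -1` combined with `action = hostsdeny[file=/etc/hosts.deny]` makes every ban permanent and persists it in /etc/hosts.deny, so a host that trips `maxretry = 3` while `whitelistedips` is unset or mistyped stays locked out until someone edits that file by hand; the `ignoreip` line should carry that caveat, e.g. `# bantime -1 is permanent: bans land in /etc/hosts.deny and are not expired, so keep whitelistedips complete`. The hostsdeny action also ignores `port = ssh` and, as far as I can tell, denies the offending host for every tcp_wrappers-aware service on the box, not only sshd, which is worth a second comment on the `action` line. The `{% if whitelistedips is defined %}` guard does not cover a defined-but-null value, which would make the `{% for %}` fail at render time; a note that the variable must be a list (or an `and whitelistedips` clause in the condition) would avoid a surprising deploy failure. The directory name `file2ban` in the path looks like a typo for `fail2ban`; it is consistent with the task file in this commit, so it works, but it will confuse readers.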
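Review bot: The header comment `# whitelistedips (optional) list of ips for /etc/hosts.allow` does not match what the commit does: nothing in these tasks or the template touches /etc/hosts.allow, the variable is only rendered into the jail's `ignoreip`, and the active action writes bans to /etc/hosts.deny. Suggest `# whitelistedips (optional) list of ips added to fail2ban's ignoreip (never banned); bans are written to /etc/hosts.deny`. The `Fail2Ban | reload fail2ban` task runs `state=reloaded` on every play regardless of whether the template changed; the usual shape is `notify: reload fail2ban` on the template task with the reload moved to a handler, so a no-op run does not bounce the jails. The collapsed indentation here makes the exact YAML nesting uncertain, so I am reading the three `sudo`/`tags` groups as belonging to the preceding task.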