diff --git a/fail2ban/filter.d/authelia-auth.conf b/fail2ban/filter.d/authelia-auth.conf
new file mode 100644
index 0000000..8617808
--- /dev/null
+++ b/fail2ban/filter.d/authelia-auth.conf
@@ -0,0 +1,13 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^.*Unsuccessful (1FA|TOTP|Duo|U2F) authentication attempt by user .*remote_ip="?"? stack.*
+ (?i)^.*access to .*is not authorized.*remote_ip=
+ ^.* is banned until .*remote_ip= stack.*
+
+ignoreregex = ^.*level=debug.*
+ ^.*level=info.*
+ ^.*level=warning.*
diff --git a/fail2ban/filter.d/gitea-auth.conf b/fail2ban/filter.d/gitea-auth.conf
new file mode 100644
index 0000000..4af9fa3
--- /dev/null
+++ b/fail2ban/filter.d/gitea-auth.conf
@@ -0,0 +1,7 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
diff --git a/fail2ban/filter.d/nextcloud-auth.conf b/fail2ban/filter.d/nextcloud-auth.conf
new file mode 100644
index 0000000..f1f3a76
--- /dev/null
+++ b/fail2ban/filter.d/nextcloud-auth.conf
@@ -0,0 +1,7 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex=^{"reqId":".*","remoteAddr":"".*message":"Login failed: .*}$
diff --git a/fail2ban/jail.d/authelia-auth.conf b/fail2ban/jail.d/authelia-auth.conf
new file mode 100644
index 0000000..1b4a177
--- /dev/null
+++ b/fail2ban/jail.d/authelia-auth.conf
@@ -0,0 +1,5 @@
+[authelia-auth]
+
+enabled = false
+port = http,https,9091
+logpath = /remotelogs/authelia/authelia.log
diff --git a/fail2ban/jail.d/gitea-auth.conf b/fail2ban/jail.d/gitea-auth.conf
new file mode 100644
index 0000000..d51c216
--- /dev/null
+++ b/fail2ban/jail.d/gitea-auth.conf
@@ -0,0 +1,5 @@
+[gitea-auth]
+
+enabled = false
+port = http,https
+logpath = /remotelogs/gitea/gitea/log/gitea.log
diff --git a/fail2ban/jail.d/jail.local b/fail2ban/jail.d/jail.local
new file mode 100644
index 0000000..6b6e78e
--- /dev/null
+++ b/fail2ban/jail.d/jail.local
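Review bot: None of the three `failregex` lines in fail2ban/filter.d/authelia-auth.conf shows a `<HOST>` capture as rendered here (`remote_ip="?"? stack.*`, and `remote_ip=` at the end of the second expression), and the same gap appears in filter.d/gitea-auth.conf (`.* from`) and filter.d/nextcloud-auth.conf (`"remoteAddr":"".*`). fail2ban takes the address to ban from that tag, so an expression without it gives the jail nothing to act on. The tag may only have been stripped when this page was rendered, so confirm against the committed files that each expression reads like `remote_ip="?<HOST>"? stack.*`. Running `fail2ban-regex` with each filter against a sample of the corresponding log before enabling the jails would show whether every expression actually extracts an address.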
@@ -0,0 +1,24 @@
+[DEFAULT]
+ignoreip = 10.0.0.0/8, 192.168.0.0/16, 127.0.0.1, 172.0.0.0/8
+action = cloudflare
+
+[authelia-auth]
+filter=authelia-auth
+enabled = yes
+findtime = 3600
+maxretry = 3
+bantime = -1
+
+[nextcloud-auth]
+filter=nextcloud-auth
+enabled = yes
+findtime = 3600
+maxretry = 3
+bantime = -1
+
+[gitea-auth]
+filter=gitea-auth
+#enabled = yes
+findtime = 3600
+maxretry = 3
+bantime = -1
diff --git a/fail2ban/jail.d/nextcloud-auth.conf b/fail2ban/jail.d/nextcloud-auth.conf
new file mode 100644
index 0000000..7a8f412
--- /dev/null
+++ b/fail2ban/jail.d/nextcloud-auth.conf
@@ -0,0 +1,5 @@
+[nextcloud-auth]
+
+enabled = false
+port = http,https
+logpath = /remotelogs/nextcloud/data/nextcloud.log
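Review bot: `172.0.0.0/8` in the `ignoreip` line of fail2ban/jail.d/jail.local exempts every address from 172.0.0.0 to 172.255.255.255, most of which is public space; the RFC 1918 private block is 172.16.0.0/12. If the intent is to skip only internal addresses, the line should read `ignoreip = 10.0.0.0/8, 192.168.0.0/16, 127.0.0.1, 172.16.0.0/12`. The gap matters more here because all three jails set `bantime = -1`: clients in the exempted range are never banned, while any other client is banned permanently after three failures within an hour. The `#enabled = yes` under `[gitea-auth]` would also benefit from a comment on its own line saying why that jail is left disabled.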