diff --git a/jail.local b/jail.local
new file mode 100644
index 0000000..a1bed7c
--- /dev/null
+++ b/jail.local
@@ -0,0 +1,37 @@
+[INCLUDES]
+
+before = paths-debian.conf
+
+[DEFAULT]
+
+bantime.increment = true
+bantime.multipliers = 1 2 4 8 16 32 64
+ignorecommand =
+bantime  = 240m
+findtime  = 10m
+maxretry = 5
+maxmatches = %(maxretry)s
+backend = auto
+usedns = warn
+logencoding = auto
+enabled = false
+mode = normal
+filter = %(__name__)s[mode=%(mode)s]
+destemail = root@localhost
+sender = root@<fq-hostname>
+mta = sendmail
+protocol = tcp
+chain = <known/chain>
+port = 0:65535
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+banaction = iptables-multiport
+banaction_allports = iptables-allports
+action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action = %(action_)s
+
+[sshd]
+enabled = true
+mode    = extra
+port    = 29
+logpath = %(sshd_log)s
+backend = %(sshd_backend)s