diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index 42bd5b9..f3b6989 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -48,3 +48,9 @@
 systemd:
 name: rsyslog
 state: restarted
+
+- name: Restart fail2ban service
+ become: true
+ systemd:
+ name: fail2ban
+ state: restarted
diff --git a/roles/setup-fail2ban/files/00-banactions-nft.conf b/roles/setup-fail2ban/files/00-banactions-nft.conf
new file mode 100644
index 0000000..9ff1b6d
--- /dev/null
+++ b/roles/setup-fail2ban/files/00-banactions-nft.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+banaction = nftables-multiport
+banaction_allports = nftables-allports
diff --git a/roles/setup-fail2ban/tasks/main.yml b/roles/setup-fail2ban/tasks/main.yml
new file mode 100644
index 0000000..1a628f3
--- /dev/null
+++ b/roles/setup-fail2ban/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Install fail2ban
+ become: true
+ apt:
+ name: fail2ban
+ state: present
+ update_cache: yes
+
+- name: Configure fail2ban for nftables
+ become: true
+ copy:
+ src: 00-banactions-nft.conf
+ dest: /etc/fail2ban/jail.d/00-banactions-nft.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart fail2ban service
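Review bot: The `Restart fail2ban service` handler is defined in roles/common/handlers/main.yml, but the only task in this commit that notifies it is in roles/setup-fail2ban/tasks/main.yml. Handlers are resolved per play, so a play that applies setup-fail2ban without common would stop at the `notify` with a handler-not-found error. Whether setup-fail2ban already declares common as a dependency is not visible here. If it does not, either move the handler to `roles/setup-fail2ban/handlers/main.yml` or add the dependency in the role's meta, and in either case add a comment above the handler such as `# Notified by roles/setup-fail2ban`.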
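Review bot: Both ban actions in `[DEFAULT]` are switched to the nftables variants, yet nothing in this commit installs nftables or checks that the `nft` binary is on the host. If it is missing, fail2ban would still match offenders, but the ban action would fail and no rule would be inserted, leaving a host that looks protected and is not. Unless another role already provides the package, extend the install task in roles/setup-fail2ban/tasks/main.yml to `name: [fail2ban, nftables]`. A header comment in this file such as `# Requires nft; overrides the default banaction for every jail` would also record the dependency.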
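Review bot: Nothing in this task file asserts that fail2ban is enabled and running. The only service action is the restart handler, which fires only when the copied file changes. On a host where the unit is disabled, masked or stopped, a second run would report no changes while no bans are being applied. Add an explicit enabled/started task after the configure task, as sketched below. Separately, `mode: 0644` is safer written as `mode: "0644"` and `update_cache: yes` as `update_cache: true`, so neither value depends on YAML 1.1 implicit typing.

```yaml
# … unchanged: install and configure tasks …

- name: Ensure fail2ban is enabled and running
  become: true
  systemd:
    name: fail2ban
    enabled: true
    state: started
```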