diff --git a/README.md b/README.md
index d6455e98..5e950c7e 100644
--- a/README.md
+++ b/README.md
@@ -513,7 +513,9 @@ The logs can be divided into the following categories:
     - `login_type` string. Can be `public_key`, `password` or `no_auth_tryed`
     - `error` string. Optional error description
 
-The **connection failed logs** can be used for better integration in tools such as [Fail2ban](http://www.fail2ban.org/)
+### Brute force protection
+
+The **connection failed logs** can be used for better integration in tools such as [Fail2ban](http://www.fail2ban.org/). Example of [jails](./fail2ban/jails) and [filters](./fail2ban/filters) working with systemD/journalD are available in fail2ban directory.
 
 ## Acknowledgements
 
diff --git a/fail2ban/filters/sftpgo.conf b/fail2ban/filters/sftpgo.conf
new file mode 100644
index 00000000..ddf7a270
--- /dev/null
+++ b/fail2ban/filters/sftpgo.conf
@@ -0,0 +1,15 @@
+[INCLUDES]
+before = common.conf
+
+[DEFAULT]
+_daemon = sftpgo
+
+[Definition]
+
+# By default, first authenticate method is public_key and must be excluded from the filter to avoid false positives failed attemps 
+failregex = ^.*"sender":"connection_failed","client_ip":"<HOST>","username":".*","login_type":"password".*"}$
+
+ignoreregex =
+
+[Init]
+journalmatch = _SYSTEMD_UNIT=sftpgo.service + _COMM=sftpgo
diff --git a/fail2ban/jails/sftpgo.conf b/fail2ban/jails/sftpgo.conf
new file mode 100644
index 00000000..f7f7643c
--- /dev/null
+++ b/fail2ban/jails/sftpgo.conf
@@ -0,0 +1,10 @@
+[sftpgo]
+enabled = true
+port = 2022
+filter = sftpgo
+action = iptables-allports[name=sftpgo]
+logpath = 
+backend = systemd
+maxretry = 5
+bantime = 600
+findtime = 86400