diff --git a/fail2ban/filter.d/gitea.conf b/fail2ban/filter.d/gitea.conf
new file mode 100644
index 0000000..753f135
--- /dev/null
+++ b/fail2ban/filter.d/gitea.conf
@@ -0,0 +1,4 @@
+# gitea.conf
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =
diff --git a/fail2ban/jail.d/gitea.conf b/fail2ban/jail.d/gitea.conf
new file mode 100644
index 0000000..f84565d
--- /dev/null
+++ b/fail2ban/jail.d/gitea.conf
@@ -0,0 +1,8 @@
+[gitea]
+enabled = true
+filter = gitea
+logpath = /var/lib/gitea/log/gitea.log
+maxretry = 10
+findtime = 3600
+bantime = 900
+action = iptables-allports