diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index d841bd7a..a5b69b06 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -48,7 +48,8 @@ pidlock = /var/run/fail2ban.pid
 maxfailures = 5
 
 # Option: bantime
-# Notes.: number of seconds an IP will be banned.
+# Notes.: number of seconds an IP will be banned. If set to a negative
+# value, IP will never be unbanned (permanent banning).
 # Values: NUM Default: 600
 #
 bantime = 600
diff --git a/firewall/firewall.py b/firewall/firewall.py
index e50184bd..ebba2545 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -86,7 +86,11 @@ class Firewall:
 ip = aInfo["ip"]
 if not self.inBanList(ip):
 crtTime = time.time()
- logSys.warn("%s: Ban "%self.section + ip)
+ if self.banTime < 0:
+ banMsg = "Ban (permanent)"
+ else:
+ banMsg = "Ban (%d s)"%self.banTime
+ logSys.warn("%s: %s "%(self.section, banMsg) + ip)
 self.banList[ip] = crtTime
 aInfo["bantime"] = crtTime
 self.runCheck(debug)
@@ -138,8 +142,12 @@ class Firewall:
 return None
 
 def checkForUnBan(self, debug):
- """ Check for IP to remove from ban list.
+ """ Check for IP to remove from ban list. If banTime is smaller than
+ zero, IP will be never removed.
 """
+ if self.banTime < 0:
+ # Permanent banning
+ return
 banListTemp = self.banList.copy()
 for element in banListTemp.iteritems():
 btime = element[1]
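Review bot: In the firewall/firewall.py hunk at -86, the new warning mixes `%` formatting with `+ ip` concatenation, and `%d` silently truncates a non-integer banTime. Because this line is the audit record of a ban, a single format expression would be easier to parse downstream: `logSys.warn("%s: %s %s" % (self.section, banMsg, ip))`. The `self.banTime < 0` test is also repeated in checkForUnBan; a one-line comment here, such as `# negative banTime means the entry is never expired by checkForUnBan`, would keep the two in step. The enclosing method starts and ends outside the hunk.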
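Review bot: In the checkForUnBan hunk of firewall/firewall.py, the early `return` for `self.banTime < 0` means nothing is ever removed from `self.banList`, so the dict (and presumably the matching firewall rules) grows for the life of the process with no cap visible here. A false positive, such as a shared NAT address or a user who mistypes a password maxfailures times, then stays blocked until an operator intervenes, and the hunk shows no way to lift a single ban. `banList` also looks like an in-memory dict, so whether "permanent" survives a restart cannot be told from this diff; the config comment promises "never be unbanned" and should say which it is. I would extend the docstring with something like `Permanent bans are only lifted manually and the ban list is unbounded in this mode.` The loop body continues past the end of the hunk.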