diff --git a/debian/changelog b/debian/changelog
index 526ab807..6ab31b50 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ fail2ban (0.8.0-3~pre1) unstable; urgency=low
     Andrewartha.
   * Added optional regexp entry for process PID in some entries (closes:
     #426050). Thanks Roderick Schertler.
+  * Added a filter pam_generic to catch any login errors.
+  * Added iptables-allports.
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 19 Jun 2007 23:04:02 -0400
 
diff --git a/debian/jail.conf b/debian/jail.conf
index ac258e64..20477f80 100644
--- a/debian/jail.conf
+++ b/debian/jail.conf
@@ -87,6 +87,16 @@ filter	= sshd
 logpath  = /var/log/auth.log
 maxretry = 6
 
+# Generic filter for pam. Has to be used with action which bans all ports
+# such as iptables-allports, shorewall
+[pam-generic]
+
+enabled = false
+filter	= pam-generic
+banaction = iptables-allports
+logpath  = /var/log/auth.log
+maxretry = 6
+
 
 [ssh-ddos]
 
diff --git a/debian/patches/00_iptables_allports.dpatch b/debian/patches/00_iptables_allports.dpatch
new file mode 100755
index 00000000..82157fd3
--- /dev/null
+++ b/debian/patches/00_iptables_allports.dpatch
@@ -0,0 +1,82 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_iptables_allports.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad trunk~/config/action.d/iptables-allports.conf trunk/config/action.d/iptables-allports.conf
+--- trunk~/config/action.d/iptables-allports.conf	1969-12-31 19:00:00.000000000 -0500
++++ trunk/config/action.d/iptables-allports.conf	2007-06-25 12:49:34.000000000 -0400
+@@ -0,0 +1,71 @@
++# Fail2Ban configuration file
++#
++# Author: Cyril Jaquier
++# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
++# 			made active on all ports from original iptables.conf
++#
++# $Revision: $
++#
++
++[Definition]
++
++# Option:  actionstart
++# Notes.:  command executed once at the start of Fail2Ban.
++# Values:  CMD
++#
++actionstart = iptables -N fail2ban-<name>
++              iptables -A fail2ban-<name> -j RETURN
++              iptables -I INPUT -p <protocol> -j fail2ban-<name>
++
++# Option:  actionend
++# Notes.:  command executed once at the end of Fail2Ban
++# Values:  CMD
++#
++actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
++             iptables -F fail2ban-<name>
++             iptables -X fail2ban-<name>
++
++# Option:  actioncheck
++# Notes.:  command executed once before each actionban command
++# Values:  CMD
++#
++actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
++
++# Option:  actionban
++# Notes.:  command executed when banning an IP. Take care that the
++#          command is executed with Fail2Ban user rights.
++# Tags:    <ip>  IP address
++#          <failures>  number of failures
++#          <time>  unix timestamp of the ban time
++# Values:  CMD
++#
++actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
++
++# Option:  actionunban
++# Notes.:  command executed when unbanning an IP. Take care that the
++#          command is executed with Fail2Ban user rights.
++# Tags:    <ip>  IP address
++#          <failures>  number of failures
++#          <time>  unix timestamp of the ban time
++# Values:  CMD
++#
++actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
++
++[Init]
++
++# Defaut name of the chain
++#
++name = default
++
++# Option:  port
++# Notes.:  specifies port to monitor
++# Values:  [ NUM | STRING ]  Default:
++#
++port = ssh
++
++# Option:  protocol
++# Notes.:  internally used by config reader for interpolations.
++# Values:  [ tcp | udp | icmp | all ] Default: tcp
++#
++protocol = tcp
++
diff --git a/debian/patches/00_pam_generic.dpatch b/debian/patches/00_pam_generic.dpatch
new file mode 100755
index 00000000..184e91aa
--- /dev/null
+++ b/debian/patches/00_pam_generic.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_pam_generic.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Filter and examples for a filter generic for any login errors reported with pam_unix.so
+
+@DPATCH@
+diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-generic.conf
+--- trunk~/config/filter.d/pam-generic.conf	1969-12-31 19:00:00.000000000 -0500
++++ trunk/config/filter.d/pam-generic.conf	2007-06-25 12:41:38.000000000 -0400
+@@ -0,0 +1,26 @@
++# Fail2Ban configuration file for wuftpd
++#
++# Author: Yaroslav Halchenko
++#
++# $Revision:  $
++#
++
++[Definition]
++
++# if you want to catch only login erros from specific daemons, use smth like
++#_ttys_re=(?:ssh|pure-ftpd)
++# To catch all failed logins
++_ttys_re=\S*
++
++#
++# Shortcuts for easier comprehension of the failregex
++__pid_re=(?:\[\d+\])
++__pam_re=\(pam_unix\)
++__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# Values: TEXT
++#
++failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
++
+diff -urNad trunk~/config/filter.d/pam-generic.examples trunk/config/filter.d/pam-generic.examples
+--- trunk~/config/filter.d/pam-generic.examples	1969-12-31 19:00:00.000000000 -0500
++++ trunk/config/filter.d/pam-generic.examples	2007-06-25 12:41:38.000000000 -0400
+@@ -0,0 +1,5 @@
++Feb  7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1 
++May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com  user=root
++May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
++May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62  user=mark
++Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
diff --git a/debian/patches/00list b/debian/patches/00list
index a43407a1..843b8136 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -2,3 +2,5 @@
 00_HOST_ignoreregex
 00_daemon_pids
 10_dbts_manpages
+00_iptables_allports
+00_pam_generic