diff --git a/CHANGELOG b/CHANGELOG
index 10a20fb8..58c282bc 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,7 +15,8 @@ ver. 0.7.4 (2006/??/??) - beta - Added "-s" option to specify the socket path and "socket" option in "fail2ban.conf" - Added "backend" option in "jail.conf"
-- Added more filters/actions and jail samples
+- Added more filters/actions and jail samples. Thanks to Nick
+ Munger
 - Improved testing framework ver. 0.7.3 (2006/09/28) - beta
diff --git a/MANIFEST b/MANIFEST
index 4fb36593..b5ee598d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -60,6 +60,7 @@ config/filter.d/sshd.conf
 config/filter.d/proftpd.conf
 config/filter.d/sasl.conf
 config/action.d/iptables.conf
+config/action.d/ipfw.conf
 config/action.d/mail-whois.conf
 config/action.d/mail.conf
 config/action.d/hostsdeny.conf
diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf
new file mode 100644
index 00000000..2f4de5a5
--- /dev/null
+++ b/config/action.d/ipfw.conf
@@ -0,0 +1,66 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Cyril Jaquier
+#
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# number of failures
+# unix timestamp of the last failure
+# unix timestamp of the ban time
+# Values: CMD
+#
+actionban = ipfw add deny tcp from to
+
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# unix timestamp of the ban time
+# unix timestamp of the unban time
+# Values: CMD
+#
+actionunban = ipfw delete `ipfw list | grep -i | awk '{print $1;}'`
+
+[Init]
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ]
+#
+port = ssh
+
+# Option: localhost
+# Notes.: the local IP address of the network interface
+# Values: IP
+#
+localhost = 127.0.0.1
diff --git a/config/jail.conf b/config/jail.conf
index 3716d783..d915de8c 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -121,3 +121,15 @@ filter = apache-noscript action = shorewall mail[name=Postfix, dest=yourmail@mail.com] logpath = /var/log/apache2/error_log
+
+# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+# option is overridden in this jail.
+
+[ssh-ipfw]
+
+enabled = false
+filter = sshd
+action = ipfw[localhost=192.168.0.1]
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+logpath = /var/log/auth.log
+ignoreip = 168.192.0.1
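Review bot: In `actionunban` of the new config/action.d/ipfw.conf, the rule numbers passed to `ipfw delete` come from an unanchored `grep -i` over the whole `ipfw list` output, so unbanning one address can also remove bans for other hosts or rules the administrator added by hand. The tag after `grep -i` is not visible in this rendering; assuming it is the banned address, a pattern like 10.0.0.1 also matches 10.0.0.10 and 10.0.0.100, and each dot matches any character. A fixed-string, whole-word match such as `grep -wF '<ip>'` narrows the selection to the exact address. Separately, the `[Init]` default `localhost = 127.0.0.1` appears to leave the ban rule matching only loopback-destined traffic unless a jail overrides it, which deserves a comment above the option such as `# Override per jail with the address the protected service listens on`.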
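Review bot: `ignoreip = 168.192.0.1` in the new `[ssh-ipfw]` jail of config/jail.conf looks like a transposition of 192.168.0.1, the address passed as `localhost` in the `action` line of the same jail. As written it exempts a publicly routable address from banning, and anyone who enables the sample unchanged inherits that exemption. If a private LAN host was intended, the line should read `ignoreip = 192.168.0.1`, preceded by a comment such as `# Addresses listed here are never banned; keep the list minimal`. The global `ignoreip` default that this jail overrides lies outside the hunk, so its value cannot be checked from here.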