diff --git a/debian/changelog b/debian/changelog index 0fdf1395..092dbf26 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,38 @@ +fail2ban (0.7.6-1~pre1) UNRELEASED; urgency=low + + * New upstream release, which incorporates fixes introduced in 3~pre + non-released versions (which were suggested to the users to overcome + problems reported in bug reports). In particular attention should be paid + to upstream changelog entries + + - Several "failregex" and "ignoreregex" are now accepted. + Creation of rules should be easier now. + + This is an alternative solution to 'multiple ' entries fix, + which is not applied to this shipped version - pay cautios if upgrading + from 0.7.5-3~pre? + + - Allow comma in action options. The value of the option must + be escaped with " or '. + + That allowed to implement requested ability to ban multiple ports + at once (See 373592). README.Debian and jail.conf adjusted to reflect + possible use of iptables-mport + + - Now Fail2ban goes in /usr/share/fail2ban instead of + /usr/lib/fail2ban. This is more compliant with FHS. + Patch 00_share_insteadof_lib no longer applied + + * Refactored installed by debian package jail.conf: + + - Added option banaction which is to incorporate banning agent + (usually some flavor of iptables rule), which can then be easily + overriden globally or per section + + - Multiple actions are defined as action_* to serve as shortcuts + + -- Yaroslav Halchenko Thu, 4 Jan 2007 12:21:30 -0500 + fail2ban (0.7.5-3~pre6) unstable; urgency=low * Fail2ban now bans vsftpd logins (corrected logfile path and failregex) diff --git a/debian/jail.conf b/debian/jail.conf index 95223d42..ec2418b1 100644 --- a/debian/jail.conf +++ b/debian/jail.conf 
@@ -33,31 +33,48 @@ backend = polling # jail.{conf,local} configuration files. destemail = root@localhost -# Default action to take: ban only -action = iptables[name=%(__name__)s, port=%(port)s] +# +# ACTIONS +# + +# Default banning action (e.g. iptables, iptables-new, +# iptables-multiport, etc) It is used to define action_* variables. Can +# be overriden globally or per section within jail.local file +banaction = iptables + +# The simplest action to take: ban only +action_i = %(banaction)s[name=%(__name__)s, port="%(port)s"] # Following actions can be chosen as an alternatives to the above action. -# To activate, just copy/paste+uncomment chosen 2 (excluding comments) lines -# into jail.local -# Default action to take: ban & send an e-mail with whois report -# to the destemail. -# action = iptables[name=%(__name__)s, port=%(port)s] -# mail-whois[name=%(__name__)s, dest=%(destemail)s] +# Action to take: ban & send an e-mail with whois report to the destemail. +action_i_mw = %(banaction)s[name=%(__name__)s, port="%(port)s"] + mail-whois[name=%(__name__)s, dest="%(destemail)s"] -# Default action to take: ban & send an e-mail with whois report +# Action to take: ban & send an e-mail with whois report # and relevant log lines to the destemail. -# action = iptables[name=%(__name__)s, port=%(port)s] -# mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s] +action_i_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s"] + mail-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s] -# Next jails corresponds to the standard configuration in Fail2ban 0.6 -# which was shipped in Debian. Please enable any defined here jail by including +# Choose default action. To change, just override value of 'action' with the +# chosen action (e.g. action_i_mw, action_i_mwl, etc) in jail.local +# globally (section [DEFAULT]) or per specific section (e.g. 
ssh) +action = action_i + # -# [SECTION_NAME] +# JAILS +# + +# Next jails corresponds to the standard configuration in Fail2ban 0.6 which +# was shipped in Debian. Please enable any defined here jail by including +# +# [SECTION_NAME] # enabled = true # # in /etc/fail2ban/jail.local. # +# Optionally you may override any other parameter (e.g. banaction, +# action, port, logpath, etc) in that section within jail.local [ssh] @@ -88,6 +105,14 @@ filter = apache-auth logpath = /var/log/apache*/*access.log maxretry = 6 +[apache-multiport] + +enabled = false +banaction = iptables-multiport +port = http,https +filter = apache-auth +logpath = /var/log/apache*/*access.log +maxretry = 6 [apache-noscript] diff --git a/debian/patches/00_iptables-mports.dpatch b/debian/patches/00_iptables-mports.dpatch new file mode 100755 index 00000000..bb84a70e --- /dev/null +++ b/debian/patches/00_iptables-mports.dpatch 
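Review bot: `action = action_i` assigns the literal string "action_i" rather than the expanded shortcut, because every other cross-reference in this file goes through `%(...)s` interpolation (`%(banaction)s`, `%(port)s`, `%(destemail)s`); the line should read `action = %(action_i)s`, and the comment above it should tell users to override with `%(action_i_mw)s` / `%(action_i_mwl)s`, not the bare names. As written, fail2ban would presumably look for an action named `action_i` under action.d and every jail that inherits the default would run with no ban step, a silent fail-open for the whole installation. Separately, `action_i_mwl` quotes `port` and `dest` but leaves `logpath=%(logpath)s` bare; since this same commit's changelog makes a comma inside an unquoted option value significant, `logpath="%(logpath)s"` keeps the three shortcuts consistent and avoids a surprise when a jail uses a logpath containing a comma.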
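Review bot: The new `[apache-multiport]` jail is a copy of `[apache]` apart from `banaction` and `port`, but nothing says so; a reader cannot tell whether it replaces `[apache]` or complements it, and enabling both would ban the same offenders from the same log twice through two separate iptables chains. A comment above the header such as `# Same as [apache] but bans http and https together via iptables-multiport; enable this or [apache], not both` would settle that. The section spacing also looks off: the added block begins directly after the existing `maxretry = 6`, so the one blank context line now separates the new jail from `[apache-noscript]` while nothing separates it from `[apache]` (hard to be certain from the collapsed hunk).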
@@ -0,0 +1,80 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 00_iptables-mports.dpatch by Yaroslav Halchenko +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7.5/config/action.d/iptables-multiport.conf +--- fail2ban-0.7.5~/config/action.d/iptables-multiport.conf 1969-12-31 19:00:00.000000000 -0500 ++++ fail2ban-0.7.5/config/action.d/iptables-multiport.conf 2007-01-04 12:28:46.000000000 -0500 +@@ -0,0 +1,69 @@ ++# Fail2Ban configuration file ++# ++# Author: Cyril Jaquier ++# Modified by Yaroslav Halchenko for multiport banning ++# $Revision: 455 $ ++# ++ ++[Definition] ++ ++# Option: fwstart ++# Notes.: command executed once at the start of Fail2Ban. ++# Values: CMD ++# ++actionstart = iptables -N fail2ban- ++ iptables -A fail2ban- -j RETURN ++ iptables -I INPUT -p -m multiport --dports -j fail2ban- ++ ++# Option: fwend ++# Notes.: command executed once at the end of Fail2Ban ++# Values: CMD ++# ++actionstop = iptables -D INPUT -p -m multiport --dports -j fail2ban- ++ iptables -F fail2ban- ++ iptables -X fail2ban- ++ ++# Option: fwcheck ++# Notes.: command executed once before each fwban command ++# Values: CMD ++# ++actioncheck = iptables -L INPUT | grep -q fail2ban- ++ ++# Option: fwban ++# Notes.: command executed when banning an IP. Take care that the ++# command is executed with Fail2Ban user rights. ++# Tags: IP address ++# number of failures ++#