diff --git a/config/action.d/firewalld-cmd-new.conf b/config/action.d/firewalld-cmd-new.conf
new file mode 100644
index 00000000..837352e9
--- /dev/null
+++ b/config/action.d/firewalld-cmd-new.conf
@@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+#
+# Author: Edgar Hoch
+# Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch.
+# It uses "firewall-cmd" instead of "iptables".
+#
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b-
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- firewall-cmd --direct --remove-rules ipv4 filter f2b- firewall-cmd --direct --remove-chain ipv4 filter f2b-
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q 'f2b-[ \t]'
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j
+[Init]
+# Default name of the chain
+#
+name = default
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ]
+#
+port = ssh
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ]
+#
+protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: [ STRING ]
+#
+chain = INPUT_direct
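Review bot: The actioncheck line anchors the chain name only with a trailing `[ \t]`, which will not match when `firewall-cmd --direct --get-chains ipv4 filter` prints the chain last on a single space-separated line (which is how firewalld's direct `--get-chains` output appears to be formatted), so fail2ban would see the check fail and re-run actionstart on every ban; note the `<name>`/`<port>`/`<ip>` interpolation placeholders look stripped in this rendering, so I read the check as `grep -q 'f2b-<name>[ \t]'`. Because every rule here is added without `--permanent` it is runtime-only, and if firewalld drops runtime direct rules on `firewall-cmd --reload` (as its reload semantics suggest) then actioncheck is the one mechanism that gets the ban chain recreated, so it should match the whole chain name exactly: `actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'`. The header comment should also say so explicitly, e.g. `# Rules are runtime-only (no --permanent); after a firewalld reload fail2ban recreates them through actioncheck/actionstart.` The `chain` option still documents an "iptables chain" and is missing the `Notes.:` colon used by the other options; suggest `# Notes.: specifies the firewalld direct chain (e.g. INPUT_direct) to which the fail2ban rules should be added`.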