diff --git a/config/filter.d/vaultwarden.conf b/config/filter.d/vaultwarden.conf
new file mode 100644
index 00000000..325395a6
--- /dev/null
+++ b/config/filter.d/vaultwarden.conf
@@ -0,0 +1,8 @@
+# Fail2Ban filter for unsuccessful Vaultwarden authentication attempts
+# Logged in /var/log/vaultwarden.log
+# Author: LearningSpot
+
+[Definition]
+
+failregex = \[vaultwarden::api::(identity||admin||core::two_factor::authenticator)\]\[ERROR\] (Invalid admin token||Invalid TOTP code||Username or password is incorrect)(.*) IP: (?:\. Username: .+\.)?$
+ignoreregex =
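Review bot: The doubled `||` in both groups of `failregex` adds an empty alternative, so the message group can match nothing and any `[ERROR]` line from these modules that contains ` IP: ` is counted as a failed login; single bars are meant, i.e. `(identity|admin|core::two_factor::authenticator)` and `(Invalid admin token|Invalid TOTP code|Username or password is incorrect)`. As shown, the pattern also has no host capture after `IP: `; fail2ban needs `<HOST>` (or `<ADDR>`) there to know which address to ban, though the tag may simply have been lost when this page was rendered. The greedy `(.*)` lets the match settle on the last ` IP: ` in the line, and the optional tail suggests the client-supplied username is logged after the address, so a crafted username could presumably steer the ban onto an unrelated address. Making it non-greedy (`.*?`) binds the capture to the first, server-written address; this is worth confirming against real log lines with `fail2ban-regex`.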