diff --git a/config/filter.d/nagios.conf b/config/filter.d/nagios.conf
new file mode 100644
index 00000000..d01769cc
--- /dev/null
+++ b/config/filter.d/nagios.conf
@@ -0,0 +1,21 @@
+# Fail2Ban filter for Nagios Remote Plugin Executor (nrpe2)
+# Detecting unauthorized access to the nrpe2 daemon 
+# typically logged in /var/log/messages syslog
+#
+
+
+[INCLUDES]
+# Read syslog common prefixes
+before = common.conf
+
+
+[Definition]
+_daemon     = nrpe
+failregex   = ^%(__prefix_line)sHost <HOST> is not allowed to talk to us!\s*$
+            = ^%(__prefix_line)sConnection from <HOST> closed. We don't support AF_INET6 addreess family in ACL\s*$
+ignoreregex =.
+
+
+# DEV Notes:
+# 
+# Author: Ivo Truxa - 2014/02/03