diff --git a/config/jail.conf b/config/jail.conf
index 5dcce02c..74d1e1d2 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -758,3 +758,15 @@ action   = iptables[name=SSH, port=ssh, protocol=tcp]
            blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
 logpath  = /var/log/sshd.log
 maxretry = 20
+
+
+# consider low maxretry and a long bantime
+# nobody except your own Nagios server should ever probe nrpe
+[nagios]
+enabled  = false
+filter   = nagios
+action   = iptables[name=Nagios, port=5666, protocol=tcp]
+           sendmail-whois[name=Nagios, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
+logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
+ignoreip = 123.12.123.12         ; your Nagios server
+maxretry = 1