diff --git a/ChangeLog b/ChangeLog
index d3f57d61..d902c52b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,7 +40,7 @@ ver. 0.8.2 (2008/??/??) - stable
 - Replaced "echo" with "printf" in actions. Fix #1839673
 - Replaced "reject" with "drop" in shorwall action. Fix
   #1854875
-- Fixed Debian bug #456567, #468477, #462060
+- Fixed Debian bug #456567, #468477, #462060, #461426
 
 ver. 0.8.1 (2007/08/14) - stable
 ----------
diff --git a/MANIFEST b/MANIFEST
index aa0a498d..264d37c1 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -74,6 +74,7 @@ config/filter.d/sshd-ddos.conf
 config/filter.d/vsftpd.conf
 config/filter.d/webmin-auth.conf
 config/filter.d/wuftpd.conf
+config/filter.d/xinetd-fail.conf
 config/action.d/hostsdeny.conf
 config/action.d/ipfw.conf
 config/action.d/iptables.conf
diff --git a/config/filter.d/xinetd-fail.conf b/config/filter.d/xinetd-fail.conf
new file mode 100644
index 00000000..01701744
--- /dev/null
+++ b/config/filter.d/xinetd-fail.conf
@@ -0,0 +1,30 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+# Cfr.: /var/log/(daemon\.|sys)log
+# libwrap => tcp wrappers: hosts.(allow|deny)
+# address => xinetd: deny_from|only_from
+# load => xinetd: max_load (temporary problem)
+#
+
+failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=<HOST>$
+            xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=<HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =