diff --git a/ChangeLog b/ChangeLog
index 69384094..d3f57d61 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,7 +40,7 @@ ver. 0.8.2 (2008/??/??) - stable
 - Replaced "echo" with "printf" in actions. Fix #1839673
 - Replaced "reject" with "drop" in shorwall action. Fix
   #1854875
-- Fixed Debian bug #456567, #468477
+- Fixed Debian bug #456567, #468477, #462060
 
 ver. 0.8.1 (2007/08/14) - stable
 ----------
diff --git a/MANIFEST b/MANIFEST
index ed66c8d1..aa0a498d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -79,6 +79,7 @@ config/action.d/ipfw.conf
 config/action.d/iptables.conf
 config/action.d/iptables-allports.conf
 config/action.d/iptables-multiport.conf
+config/action.d/iptables-multiport-log.conf
 config/action.d/iptables-new.conf
 config/action.d/mail.conf
 config/action.d/mail-buffered.conf
diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf
new file mode 100644
index 00000000..0fe29a88
--- /dev/null
+++ b/config/action.d/iptables-multiport-log.conf
@@ -0,0 +1,78 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+# Modified: Cyril Jaquier
+#
+# make "fail2ban-<name>" chain to match drop IP
+# make "fail2ban-<name>-log" chain to log and drop
+# insert a jump to fail2ban-<name> from -I INPUT if proto/port match
+#
+# $Revision: 658 $
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N fail2ban-<name>
+              iptables -A fail2ban-<name> -j RETURN
+              iptables -I INPUT 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+              iptables -N fail2ban-<name>-log
+              iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              iptables -A fail2ban-<name>-log -j DROP
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             iptables -F fail2ban-<name>
+             iptables -F fail2ban-<name>-log
+             iptables -X fail2ban-<name>
+             iptables -X fail2ban-<name>-log
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp