diff --git a/bootstrap.yml b/bootstrap.yml
index a22b710..c0b3820 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -13,6 +13,20 @@
      ansible.builtin.dnf:
        name: fail2ban
        state: present
+
+   - name: enable sshd jail
+     copy:
+       dest: /etc/fail2ban/jail.local
+       content: |
+         [sshd]
+         enabled = true
+         port = ssh
+         filter = sshd
+         logpath = /var/log/auth.log
+         maxretry = 3
+         findtime = 300
+         bantime = 600
+         ignoreip = 127.0.0.1,169.231.0.0/16,128.111.0.0/16
        
    - name: start fail2ban
      ansible.builtin.systemd_service: