diff --git a/setup/etc/fail2ban/filter.d/asterisk-ami.conf b/setup/etc/fail2ban/filter.d/asterisk-ami.conf
new file mode 100644
index 0000000..b1845df
--- /dev/null
+++ b/setup/etc/fail2ban/filter.d/asterisk-ami.conf
@@ -0,0 +1,23 @@
+# Fail2Ban filter for asterisk AMI authentication failures
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = asterisk
+
+__pid_re = (?:\[\d+\])
+
+iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
+
+# All Asterisk log messages begin like this:
+
+log_prefix= (?:NOTICE|SECURITY|WARNING)%(__pid_re)s:?(?:\[C-[\da-f]*\])? [^:]+:\d*(?:(?: in)? \w+:)?
+failregex = ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s(?:\sHost)? failed to authenticate
+
+ignoreregex =
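Review bot: The failregex contains no `<HOST>` group, so fail2ban cannot learn which address to ban; its filter loader rejects a pattern without a host group, so the jail would fail to start rather than silently match. The rule ends at `(?:\sHost)? failed to authenticate` with no address token anywhere — assuming the AMI notice prints the peer address immediately before "failed to authenticate", the line should read `failregex = ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s(?:\sHost)? <HOST> failed to authenticate`, but confirm the exact wording against a real log line first. A comment above failregex quoting one sample log line the pattern is expected to match would let the next reader verify it without reproducing a failed login. Minor: `iso8601` is defined but never referenced in this file, and `log_prefix=` is missing the space before `=` that every other key uses.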