diff --git a/config/filter.d/ufw-port-scan.conf b/config/filter.d/ufw-port-scan.conf
new file mode 100644
index 00000000..9a6f1189
--- /dev/null
+++ b/config/filter.d/ufw-port-scan.conf
@@ -0,0 +1,15 @@
+# fail2ban filter configuration for ufw blocked events (typically port scans)
+#
+# By default every connection attempt blocked by ufw will be
+# logged, e.g.:
+#
+# Sep 14 20:56:41 sierra kernel: [UFW BLOCK] [...] SRC= DST= LEN=40 TOS=0x04 PREC=0x00 TTL=48 ID=5614 PROTO=TCP SPT=34092 DPT=23 WINDOW=43012 RES=0x00 SYN URGP=0
+#
+# By carefully setting this filter we ban every IP that tries too many times to
+# connect to non-allowed ports.
+#
+# Author: Michele Bologna https://www.michelebologna.net/
+
+[Definition]
+failregex = .*\[UFW BLOCK\] IN=.* SRC=
+ignoreregex =
diff --git a/fail2ban/tests/files/logs/ufw-port-scan b/fail2ban/tests/files/logs/ufw-port-scan
new file mode 100644
index 00000000..f3407d80
--- /dev/null
+++ b/fail2ban/tests/files/logs/ufw-port-scan
@@ -0,0 +1,2 @@
+# failJSON: { "time": "Sep 14 21:11:55", "match": true , "host": "10.20.30.40" }
+Sep 14 21:11:55 sierra kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ff:01:ff:ad:0e:ff:40:a6:77:42:ff:f0:ff:ff SRC=10.20.30.40 DST=70.40.10.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34642 DF PROTO=TCP SPT=60214 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0
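Review bot: The `failregex` in the new filter starts with an unanchored `.*` and reaches `SRC=` through a greedy `IN=.*`, so every log line is scanned with backtracking and nothing between `IN=` and `SRC=` is constrained; the project's other filters anchor at `^` and match field values with `\S*`, e.g. `failregex = ^%(__prefix_line)s\[UFW BLOCK\] IN=\S* OUT=\S* MAC=\S* SRC=<HOST>` together with an `[INCLUDES]` section carrying `before = common.conf`. As rendered here the `<HOST>` tag after `SRC=` is absent (and the example in the header also shows bare `SRC= DST=`); if that is the committed text rather than a rendering artifact, fail2ban will reject the regex because it has no host group, so please confirm against the file. The header comment should also state that a match comes from a packet the firewall already dropped, so the source address is unauthenticated and no connection was completed; a line such as `# Note: the source address of a dropped packet is not verified; keep maxretry/bantime conservative for this jail` would tell operators why this jail deserves more cautious settings than a login-failure filter.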
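Review bot: The new test log carries a single positive sample, so the regex is never checked against a line it must not match. Adding one `[UFW ALLOW]` line with the same field layout, preceded by `# failJSON: { "time": "Sep 14 21:11:56", "match": false }`, would catch a future loosening of the pattern (for example if the `\[UFW BLOCK\]` literal were dropped) that the single positive case cannot detect.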