diff --git a/config/filter.d/ufw-port-scan.conf b/config/filter.d/ufw-port-scan.conf
new file mode 100644
index 00000000..a0802786
--- /dev/null
+++ b/config/filter.d/ufw-port-scan.conf
@@ -0,0 +1,15 @@
+# fail2ban filter configuration for ufw blocked events (typically port scans)
+#
+# By default every connection attempt blocked by ufw will be
+# logged, e.g.:
+#
+# Sep 14 20:56:41 sierra kernel: [UFW BLOCK] [...] SRC=<REDACTED> DST=<REDACTED> LEN=40 TOS=0x04 PREC=0x00 TTL=48 ID=5614 PROTO=TCP SPT=34092 DPT=23 WINDOW=43012 RES=0x00 SYN URGP=0
+#
+# By carefully setting this filter we ban every IP that tries too many times to
+# connect to non-allowed ports.
+#
+# Author: Michele Bologna https://www.michelebologna.net/
+
+[Definition]
+failregex = ^\s*\S+ kernel:(?: +\[[^\]]+\])? \[UFW BLOCK\](?: (?:IN=\w+|OUT=|(?:(?!OUT=|IN=|SRC=)[A-Z]+=\S*)))* SRC=<ADDR> DST=\S+
+ignoreregex =
diff --git a/config/jail.conf b/config/jail.conf
index bf714f0d..72ddc9b7 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -888,6 +888,10 @@ logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
 backend  = %(syslog_backend)s
 maxretry = 1
 
+[ufw-port-scan]
+logpath  = %(ufw_log)s
+protocol = all
+maxretry = 20
 
 [oracleims]
 # see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
diff --git a/config/paths-common.conf b/config/paths-common.conf
index 1a5db4c2..cbf2d430 100644
--- a/config/paths-common.conf
+++ b/config/paths-common.conf
@@ -49,6 +49,7 @@ nginx_error_log = /var/log/nginx/*error.log
 
 nginx_access_log = /var/log/nginx/*access.log
 
+ufw_log = /var/log/ufw.log
 
 lighttpd_error_log = /var/log/lighttpd/error.log
 
diff --git a/fail2ban/tests/files/logs/ufw-port-scan b/fail2ban/tests/files/logs/ufw-port-scan
new file mode 100644
index 00000000..fd779442
--- /dev/null
+++ b/fail2ban/tests/files/logs/ufw-port-scan
@@ -0,0 +1,6 @@
+# failJSON: { "time": "2004-09-14T21:11:55", "match": true , "host": "10.20.30.40" }
+Sep 14 21:11:55 sierra kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ff:01:ff:ad:0e:ff:40:a6:77:42:ff:f0:ff:ff SRC=10.20.30.40 DST=70.40.10.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34642 DF PROTO=TCP SPT=60214 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0
+# failJSON: { "time": "2004-09-14T21:11:56", "match": true , "host": "10.20.30.41" }
+Sep 14 21:11:56 sierra kernel: [123456.789] [UFW BLOCK] IN=eth0 OUT= MAC=ff:01:ff:ad:0e:ff:40:a6:77:42:ff:f0:ff:ff SRC=10.20.30.41 DST=70.40.10.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34643 DF PROTO=TCP SPT=60215 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
+# failJSON: { "match": false }
+Sep 14 21:11:57 sierra kernel: [UFW ALLOW] IN=eth0 OUT= MAC=ff:01:ff:ad:0e:ff:40:a6:77:42:ff:f0:ff:ff SRC=10.20.30.42 DST=70.40.10.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34644 DF PROTO=TCP SPT=60216 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0