diff --git a/Readme.md b/Readme.md
index 04207322cc170b18002e17d2ecaee86c2829b99b..ca138de151cfd58858f67f9824366f373e033052 100644
--- a/Readme.md
+++ b/Readme.md
@@ -2,7 +2,7 @@
 
 1. `git clone https://gitlab.tetras-libre.fr/nocloud/docker/dolibarr`
 
-2. Copy appropriate .env (Dev or prod). 
+2. Copy appropriate .env (Dev or prod).
 
 -  `cp .env.dev.sample .env`
 -  `cp .env.prod.sample .env`
@@ -11,7 +11,7 @@
 4. If required change `DOLI_VERSION` in `.env` file, see https://github.com/Dolibarr/dolibarr/tags
 5. `docker-compose up`, the first docker-compose up takes time because we have git clone. **You need to wait the end of git clone**
 6. This will create 2 directories `dolibarr_src` : dolibarr code source and logs and `dolibarr_db`: mysql files
-7. Create a link to the dolibarr  custom directory (where you should put your modules): 
+7. Create a link to the dolibarr  custom directory (where you should put your modules):
 - `ln -s dolibarr_src/htdocs/custom/ src`
 8. Give the permissions for dolibarr to write the dolibarr_src directory, these rights will be fixed later by `./doli perms`
 ```
@@ -26,15 +26,25 @@ chown -R :www-data dolibarr
 
 ![config.png](config.png)
 
-Setup following fields : 
+Setup following fields :
 
 - Serveur de base de données : in dev mariadb
 - Identifiant `dolibarr`
-- Mot de passe : Password from `PASS` variable in your .env 
+- Mot de passe : Password from `PASS` variable in your .env
 
 12. Go to Configuration > Email and configure the mail server
 13. Go to Configuration > Societe / Organisation and configure the organisation
 
+## Config Fail2Ban
+
+1. [ ] login in administrator "config" > "moduls/application"
+4. [ ] Activate log modules
+5. [ ] Set log level on "LOG_NOTICE (6)"
+6. [ ] Switch in root user
+7. [ ] `./doli fail2ban`
+8. [ ] Enter name of instance interactivly
+9. [ ] `systemctl restart fail2ban`
+
 ## Databases (For developpement)
 
 There is a `dumps/` directory in this repository holding a very old dump from a dev instance of Dolibarr 9.x
diff --git a/doli b/doli
index 74d590b072e1bc1dd1f4d98afd2a7beae568dfca..ec811c9c4bec28f47edd18a7badb6a372b3fd7d7 100755
--- a/doli
+++ b/doli
@@ -25,7 +25,7 @@ usage() {
     echo -e "Usage $0 <command> [args]\n"
     echo -e "COMMANDS\n"
     echo "bash"
-    echo -e "\topens a bash terminal in front container or just run bash"
+    echo -e "\t opens a bash terminal in front container or just run bash"
     echo "down"
     echo -e "\t stops the docker stack"
     echo "help"
@@ -33,23 +33,25 @@ usage() {
 	echo "logs"
 	echo -e "\t Follow all usefull logs"
     echo "mysql"
-    echo -e "\topen a mysql prompt in LNB database"
+    echo -e "\t pen a mysql prompt in LNB database"
     echo "mysql_dump"
-    echo -e "\tcreates a database dump"
+    echo -e "\t creates a database dump"
     echo "mysql_init"
-    echo -e "\tpopulate LabNbook database (Docker only)"
+    echo -e "\t populate LabNbook database (Docker only)"
     echo "mysql_restore"
-    echo -e "\trestores database from a dump"
+    echo -e "\t restores database from a dump"
 	echo "perms"
-	echo -e "\tsets default files permissions"
+	echo -e "\t sets default files permissions"
     echo "restart"
     echo -e "\t restart the docker stack or apache2"
     echo "shell"
-    echo -e "\trun a php shell, same as $0 artisan tinker"
+    echo -e "\t run a php shell, same as $0 artisan tinker"
     echo "up"
     echo -e "\t starts the docker stack"
 	echo "tags"
 	echo -e "\t generate ctags"
+	echo "fail2ban"
+	echo -e "\t root only - put fail2ban jail and filter in good directory with good log path"
 }
 
 if [ "$(is_docker)" -eq 1 ]; then
@@ -65,7 +67,7 @@ if [ "$(is_docker)" -eq 1 ]; then
     cmdup="$compose up"
     cmddown="$compose down"
 else
-    cmdrestart="apache2ctl restart" 
+    cmdrestart="apache2ctl restart"
 fi
 
 pass=$(get_conf_val main_db_pass)
@@ -111,26 +113,26 @@ case $action in
 		fi
 		read -p "Do you want to restore your database from file '$1' ? This command will erase your current data. (y/n). " yn
         case $yn in
-            [Yy]* )  
+            [Yy]* )
                 zcat $1 | grep -v '/\*M' | $cmdmyInput $mysql
                 ;;
-            [Nn]* ) 
+            [Nn]* )
                 exit
                 ;;
-            * ) 
+            * )
                 echo "Please answer yes or no.";;
         esac
 		;;
     "mysql_init")
         read -p "Do you want to init your database with default data? This command will erase your current data. (y/n). " yn
         case $yn in
-            [Yy]* )  
+            [Yy]* )
                 zcat $DUMP_PATH | $cmdmyInput $mysql
                 ;;
-            [Nn]* ) 
+            [Nn]* )
                 exit
                 ;;
-            * ) 
+            * )
                 echo "Please answer yes or no.";;
         esac
         ;;
@@ -161,6 +163,23 @@ case $action in
 		cd $DIR/dolibarr_src
 		ctags -R --fields=+aimlS --languages=php
 		;;
+	"fail2ban")
+		if [ "$EUID" -ne 0 ]
+		  then echo "Please run as root"
+		  exit
+		fi
+		workdir=$PWD
+		echo $workdir
+		read -p "Give name of instance: " name
+		echo $name
+		if [ -f "/etc/fail2ban/jail.d/dolibarr_${name}.conf" ]; then
+		  echo "The jail 'etc/fail2ban/jail.d/dolibarr_${name}.conf' alredy exist."
+		  exit
+		fi
+		cp $workdir/fail2ban/dolibarr_filter.conf /etc/fail2ban/filter.d/dolibarr.conf
+		cp $workdir/fail2ban/dolibarr_jail.conf /etc/fail2ban/jail.d/dolibarr_${name}.conf
+		sed -i "s|LOG_PATH|$workdir/dolibarr_src/documents/dolibarr.log|g" /etc/fail2ban/jail.d/dolibarr_${name}.conf
+		;;
     *)
         echo "ERROR: No command given"
         usage
diff --git a/fail2ban/dolibarr_filter.conf b/fail2ban/dolibarr_filter.conf
new file mode 100644
index 0000000000000000000000000000000000000000..131d286548bb660ebdc8db6484eedecca367c4c1
--- /dev/null
+++ b/fail2ban/dolibarr_filter.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to detect try to check a couple login/password so we can add mitigation
+# on IP making too much tries.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
+#
+# then
+# fail2ban-client status web-dolibarr-rulesbruteforce
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched
+
+#failregex = ^ [A-Z\s]+ <HOST>\s+functions_.*::check_user_.* Authentication KO
+failregex = ^.*NOTICE\s+<HOST>\s+\d+\s+\d+\s+functions_[^\s]+::check_user_[^\s]+ Authentication KO
+ignoreregex =
diff --git a/fail2ban/dolibarr_jail.conf b/fail2ban/dolibarr_jail.conf
new file mode 100644
index 0000000000000000000000000000000000000000..083996d87660d5160b4fe644dd62fe17ef5e3f3b
--- /dev/null
+++ b/fail2ban/dolibarr_jail.conf
@@ -0,0 +1,9 @@
+[dolibarr]
+enabled = true
+filter = dolibarr
+logpath = LOG_PATH
+chain = DOCKER-USER
+port = http,https
+findtime = 130m
+banaction = docker-page
+maxretry = 5