diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix
index 9e18e02..29b0364 100644
--- a/hosts/zora/reverse-proxy.nix
+++ b/hosts/zora/reverse-proxy.nix
@@ -19,6 +19,10 @@
         locations."/" = {
           root = "/var/data/www/lyes.eu/";
         };
+        extraConfig = ''
+          allow 82.67.15.247;
+          deny all;
+        '';
       };
       # 44300
       "auth.lyes.eu" = {
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 011e5ae..e6f4fca 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -3,6 +3,16 @@
 {
   services.openssh.enable = true;
 
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "82.67.15.247"
+      "185.230.78.0/23"
+    ];
+    bantime = "1h";
+    bantime-increment.enable = true;
+  };
+
   boot.swraid = {
     enable = true;
     mdadmConf = ''