Index: modules/fail2ban/manifests/init.pp
===================================================================
new file mode 100644
--- /dev/null
+++ b/modules/fail2ban/manifests/init.pp
@@ -0,0 +1,98 @@
+# == Class: fail2ban
+#
+# Create and maintain fail2ban (http://www.fail2ban.org/) setups.
+#
+# == Parameters:
+#
+# [*jail_config*]
+#   Adds jail.local to the default configuration of fail2ban.
+#   By default it will have the following parameters:
+#     'enabled' => 'true',
+#     'port' => 'all',
+#     'maxretry' => 6,
+#     'banaction' => 'iptables-allports',
+#     'bantime' => 3600,
+#
+#   Note that 'port' parameter needs to be an actual port
+#   otherwise it will fail if there is no 'banaction' declared.
+#   Some options can be: http, https, ftp, etc.
+#
+# [*package*]
+#   Overwrite the default package options, to fine-tune the target version (i.e.
+#   ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged')
+#
+# [*service*]
+#   Overwrite the default service options.
+#
+# [*filters*]
+#   Adds adittional filters to the filters.d folder.
+# === Examples:
+#
+#  class {'fail2ban':
+#    package => {ensure => 'present',},
+#    service => {},
+#    jail_config => {
+#      'CVE-2013-0235' => {
+#        logpath => '/var/log/nginx/access_log_hg',        
+#      }
+#    },
+#    filters => {
+#      'CVE-2013-0235' => {
+#        failregex => [
+# 	   '^<HOST>.*\"WordPress\/.*',
+# 	 ],
+#      }
+#    },
+#  }
+class fail2ban (
+  $package = {},
+  $service = {},
+  $jail_config = {},
+  $filters = {},
+) {
+
+  include stdlib
+
+  $jail_default = {
+    'enabled' => 'true',
+    'port' => 'all',
+    'maxretry' => 6,
+    'banaction' => 'iptables-allports',
+    'bantime' => 3600,
+  }
+
+  ensure_resource('package', $title, $package)
+
+  # Used as default $ensure parameter for most resources below
+  $ensure = getparam(Package[$title], 'ensure') ? {
+    /^(absent|purged)$/ => 'absent',	
+    default => 'present',
+  }
+
+  # Service resources don't properly support the concept of absence
+  if ($ensure == 'present') {
+
+    ensure_resource('service', $title, $service)
+    # See modules/fail2ban/manifests/filter.pp
+    create_resources('fail2ban::filter', $filters)
+    
+    # According to the docs one can also enable filters that are
+    # already in there, so the config file should be done separately
+    # of the filters, another thing to conside is the possibility of
+    # having the filters configured but not activated, so no conf is
+    # passed.
+    if jail_config != undef {
+      file {'/etc/fail2ban/jail.local':
+        ensure => present,
+        group => 'root',
+        mode => '0644',
+        owner => 'root',
+        content => template("fail2ban/jail.erb"),
+        notify => Service[$title],
+      }
+    }
+
+    Package[$title] -> File['/etc/fail2ban/jail.local']
+  }
+
+}
\ No newline at end of file
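Review bot: The guard `if jail_config != undef {` on the jail.local file resource is missing the `$` sigil, so it compares the bare word `jail_config` with undef and is always true; because the parameter defaults to `{}`, `$jail_config != undef` would also be true when nothing is passed. The "filters configured but not activated" case described in the comment above it can therefore never occur, and /etc/fail2ban/jail.local is managed on every node where the package is present. I would test for an empty hash instead, `if !empty($jail_config) {` (stdlib is already included), and move `Package[$title] -> File['/etc/fail2ban/jail.local']` inside that block, since the ordering line refers to a File resource that would not exist once the guard can be false. What the file ends up containing depends on fail2ban/jail.erb, which is not in this hunk, so it is worth confirming there that `$jail_default` is actually merged into each jail.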
