diff --git a/modules/fail2ban/default.nix b/modules/fail2ban/default.nix
index 3b80851..54d9b01 100644
--- a/modules/fail2ban/default.nix
+++ b/modules/fail2ban/default.nix
@@ -2,6 +2,7 @@
 {
   services.fail2ban = {
     enable = true;
+    banaction = "iptables-multiport[blocktype=DROP]";
     jails.sshd = ''
       enabled = true
       port = 22