diff --git a/Fail2Ban-Setup.md b/Fail2Ban-Setup.md
index 9973105..0162721 100644
--- a/Fail2Ban-Setup.md
+++ b/Fail2Ban-Setup.md
@@ -1,3 +1,81 @@
+# Radicale >= 3.0.0
+
+(i) Radicale >= 3.0.0 logs to stdout which is usually catched by 'systemd/journald'
+
+## Radicale without reverse proxy
+
+### filter configuration
+
+Example: /etc/fail2ban/filter.d/radicale.conf
+
+```
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = ^.*Failed\slogin\sattempt\sfrom\s<HOST>:\s.*
+
+[Init]
+```
+
+### jail configuration
+
+Example: /etc/fail2ban/jail.d/90-radicale.conf 
+
+Adjust `port` according to configuration
+
+```
+[radicale]
+enabled = true
+port = 5232
+filter = radicale
+banaction = %(banaction_allports)s[name=radicale]
+backend = systemd
+journalmatch = _SYSTEMD_UNIT=radicale.service
+maxretry = 2
+bantime = -1
+ignoreip = 127.0.0.1
+findtime = 14400
+```
+
+
+## Radicale behind reverse proxy
+
+### filter configuration
+
+Example: /etc/fail2ban/filter.d/radicale.conf
+
+```
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = ^.*Failed\slogin\sattempt\sfrom\s.*\(forwarded for \'<HOST>\'.*\):\s.*
+
+[Init]
+```
+
+### jail configuration
+
+Example: /etc/fail2ban/jail.d/90-radicale.conf 
+
+Adjust `port` according to your reverse proxy configuration
+
+```
+[radicale]
+enabled = true
+port = 80, 443
+filter = radicale
+banaction = %(banaction_allports)s[name=radicale]
+backend = systemd
+journalmatch = _SYSTEMD_UNIT=radicale.service
+maxretry = 2
+bantime = -1
+ignoreip = 127.0.0.1
+findtime = 14400
+```
+
+# Legacy example
 To use Fail2Ban with radicale change Logging to `INFO`
 
 Configs for fail2ban