diff --git a/conf/blocklist/sync-fail2ban b/conf/blocklist/sync-fail2ban
new file mode 100644
index 00000000..3ee9c23a
--- /dev/null
+++ b/conf/blocklist/sync-fail2ban
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+##  Update fail2ban iptables with globally known attackers.
+##  Actually, runs 100% independently now, without needing fail2ban installed.
+##
+##  /etc/cron.daily/sync-fail2ban
+##
+## Author: Marcos Kobylecki <fail2ban.globalBlackList@askmarcos.com>
+## http://www.reddit.com/r/linux/comments/2nvzur/shared_blacklists_from_fail2ban/
+
+
+## Quit if fail2ban is missing.  Maybe this fake requirement can be skipped? YES.
+#PROGRAM=/etc/init.d/fail2ban
+#[ -x $PROGRAM ] || exit 0
+
+datadir=/etc/fail2ban
+[[ -d "$datadir" ]] || datadir=/tmp
+
+## Get default settings of fail2ban (optional?)
+[ -r /etc/default/fail2ban ] && . /etc/default/fail2ban
+
+umask 000
+blacklistf=$datadir/blacklist.blocklist.de.txt
+
+mv -vf  $blacklistf  $blacklistf.last
+
+badlisturls="http://antivirus.neu.edu.cn/ssh/lists/base_30days.txt http://lists.blocklist.de/lists/ssh.txt  http://lists.blocklist.de/lists/bruteforcelogin.txt"
+
+
+ iptables -vN fail2ban-ssh   # Create the chain if it doesn't exist. Harmless if it does.
+  
+# Grab list(s) at https://www.blocklist.de/en/export.html .  Block.
+echo "Adding new blocks:"
+ time  curl -s http://lists.blocklist.de/lists/ssh.txt  http://lists.blocklist.de/lists/bruteforcelogin.txt \
+  |sort -u \
+  |tee $blacklistf \
+  |grep -v '^#\|:' \
+  |while read IP; do iptables -I fail2ban-ssh 1 -s $IP -j DROP; done 
+
+
+
+# Which listings had been removed since last time?  Unblock.
+echo "Removing old blocks:"
+if [[ -r  $blacklistf.diff ]]; then
+  #       comm  is brittle, cannot use sort -rn 
+ time  comm -23 $blacklistf.last  $blacklistf \
+   |tee $blacklistf.delisted \
+   |grep -v '^#\|:' \
+   |while read IP; do  iptables -w -D fail2ban-ssh -s $IP -j DROP || iptables -wv -D fail2ban-ssh -s $IP -j LOGDROP; done 
+
+fi
+
+
+# prepare for next time.
+	diff -wbay $blacklistf.last $blacklistf  > $blacklistf.diff 
+
+
+
+
+
+# Saves a copy of current iptables rules, should you like to check them later.
+(set -x; iptables -wnv -L --line-numbers; iptables -wnv -t nat -L --line-numbers) &> /tmp/iptables.fail2ban.log &
+
+
+exit 
+
+# iptables v1.4.21: host/network `2a00:1210:fffe:145::1' not found
+# So weed out IPv6, try |grep -v ':' 
+
+## http://ix.io/fpC
+
+ 
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype># Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
\ No newline at end of file
diff --git a/setup/system.sh b/setup/system.sh
index 245ce754..af7afdf4 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -329,7 +329,7 @@ restart_service fail2ban
 
 # Add Blocklist.de malicious IP Addresses to Daily Crontab
 # Added by Alon "ChiefGyk" Ganon
-curl -s https://gist.githubusercontent.com/klepsydra/ecf975984b32b1c8291a/raw > /etc/cron.daily/sync-fail2ban
+cp conf/blocklist/sync-fail2ban /etc/cron.daily/sync-fail2ban
 chmod a+x /etc/cron.daily/sync-fail2ban
 time /etc/cron.daily/sync-fail2ban