diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
index aa53435..83d0241 100644
--- a/policy/modules/services/fail2ban.if
+++ b/policy/modules/services/fail2ban.if
@@ -98,6 +98,26 @@ interface(`fail2ban_read_pid_files',`
allow $1 fail2ban_var_run_t:file read_file_perms;
')
+#####################################
+##
+## Connect to fail2ban over a unix domain
+## stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fail2ban_stream_connect',`
+ gen_require(`
+ type fail2ban_t, fail2ban_var_run_t;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
+')
+
########################################
##
## All of the rules required to administrate
@@ -135,3 +155,21 @@ interface(`fail2ban_admin',`
files_list_pids($1)
admin_pattern($1, fail2ban_var_run_t)
')
+
+########################################
+##
+## Read and write to an fail2ban unix stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fail2ban_rw_stream_sockets',`
+ gen_require(`
+ type fail2ban_t;
+ ')
+
+ allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
+')