diff --git a/envoy/config/filter/http/fault/v2/fault.proto b/envoy/config/filter/http/fault/v2/fault.proto
index aaffbc1f..eb763da7 100644
--- a/envoy/config/filter/http/fault/v2/fault.proto
+++ b/envoy/config/filter/http/fault/v2/fault.proto
@@ -11,6 +11,8 @@ import "envoy/api/v2/route/route.proto";
 import "envoy/config/filter/fault/v2/fault.proto";
 import "envoy/type/percent.proto";
 
+import "google/protobuf/wrappers.proto";
+
 import "validate/validate.proto";
 
 // [#protodoc-title: Fault Injection]
@@ -63,4 +65,18 @@ message HTTPFault {
   // <config_http_conn_man_headers_downstream-service-node>` header and compared
   // against downstream_nodes list.
   repeated string downstream_nodes = 5;
+
+  // The maximum number of faults that can be active at a single time via the configured fault
+  // filter. Note that because this setting can be overridden at the route level, it's possible
+  // for the number of active faults to be greater than this value (if injected via a different
+  // route). If not specified, defaults to unlimited. This setting can be overridden via
+  // `runtime <config_http_filters_fault_injection_runtime>` and any faults that are not injected
+  // due to overflow will be indicated via the `faults_overflow
+  // <config_http_filters_fault_injection_stats>` stat.
+  //
+  // .. attention::
+  //   Like other :ref:`circuit breakers <arch_overview_circuit_break>` in Envoy, this is a fuzzy
+  //   limit. It's possible for the number of active faults to rise slightly above the configured
+  //   amount due to the implementation details.
+  google.protobuf.UInt32Value max_active_faults = 6;
 }