diff --git a/defaults/main.yml b/defaults/main.yml
index c8b9241..409d541 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -59,3 +59,4 @@ f2b_ipset_name: f2b-blacklist
 f2b_bantime_increment: true
 f2b_bantime_factor: 2
 f2b_bantime_max: 86400
+f2b_unban_ip: "" # ansible-playbook play.yml -e f2b_unban_ip=192.168.1.55
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
index b742109..1aaed43 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -35,4 +35,4 @@
 - name: Restart fail2ban
 ansible.builtin.systemd:
 name: fail2ban
- state: restarted
\ No newline at end of file
+ state: restarted
diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index 5643e6a..b6b38dc 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -234,3 +234,36 @@
 - name: fail2ban | Reload Proxmox firewall
 ansible.builtin.command: pve-firewall reload
 changed_when: false
+
+#################################################
+# List banned IPs cluster-wide
+#################################################
+
+- name: fail2ban | Get banned IPs from Proxmox IPSet
+ ansible.builtin.command: pve-firewall ipset list {{ f2b_ipset_name }}
+ register: banned_ips
+ changed_when: false
+ failed_when: false
+
+- name: fail2ban | Show banned IPs
+ ansible.builtin.debug:
+ msg: >
+ Current banned IPs (cluster-wide):
+ {{ banned_ips.stdout_lines | default([]) }}
+
+#################################################
+# Manual unban
+#################################################
+
+- name: fail2ban | Unban specific IP
+ ansible.builtin.command: >
+ pve-firewall ipset del {{ f2b_ipset_name }} {{ f2b_unban_ip }}
+ when: f2b_unban_ip | length > 0
+ register: unban_result
+ changed_when: "'removed' in unban_result.stdout or unban_result.rc == 0"
+ failed_when: false
+
+- name: fail2ban | Report unban result
+ ansible.builtin.debug:
+ msg: "Unbanned IP {{ f2b_unban_ip }}"
+ when: f2b_unban_ip | length > 0
\ No newline at end of file
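Review bot: The trailing comment on `f2b_unban_ip` in defaults/main.yml shows how to pass the variable but not that it is meant as a one-shot override. If someone sets it in inventory or group_vars instead of `-e`, the new unban task in tasks/fail2ban.yml would try to remove that address from the ipset on every play, which quietly undoes the ban each run. I would put a comment above the variable such as `# One-shot: pass with -e only; a value set in inventory is unbanned on every run.` and keep the example invocation on the line after it.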
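Review bot: The unban in tasks/fail2ban.yml is reported as successful even when the command fails, because `failed_when: false` swallows a non-zero rc and the report task prints "Unbanned IP …" on the `when` alone. The list task carries the same `failed_when: false`, so a failed listing is displayed as an empty ban list. `f2b_unban_ip` arrives via `-e` and is templated into a free-form command string, where whitespace in the value is split into extra arguments; validating it first and passing it through `argv` closes that. With failures masked it is also worth confirming that the `ipset list` and `ipset del` subcommands exist on the target pve-firewall version, since a wrong subcommand would currently go unnoticed. The sketch below assumes the ansible.utils collection is installed for the address test.

```yaml
# … unchanged: list and show tasks (consider dropping failed_when: false there too) …

- name: fail2ban | Validate unban address
  ansible.builtin.assert:
    that:
      - f2b_unban_ip is ansible.utils.ip
    fail_msg: "f2b_unban_ip is not a valid IP address or network"
  when: f2b_unban_ip | length > 0

- name: fail2ban | Unban specific IP
  ansible.builtin.command:
    argv:
      - pve-firewall
      - ipset
      - del
      - "{{ f2b_ipset_name }}"
      - "{{ f2b_unban_ip }}"
  when: f2b_unban_ip | length > 0
  register: unban_result
  changed_when: unban_result.rc == 0

- name: fail2ban | Report unban result
  ansible.builtin.debug:
    msg: "Unbanned IP {{ f2b_unban_ip }}"
  when:
    - f2b_unban_ip | length > 0
    - unban_result.rc == 0
```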