From 3afa853d091b771bb5803a795bb4aad21ab69cef Mon Sep 17 00:00:00 2001 From: Jose Date: Mon, 23 Feb 2026 18:35:10 +0100 Subject: [PATCH] =?UTF-8?q?feat=20=E2=9C=A8:=20Add=20new=20variable=20f2b?= =?UTF-8?q?=5Funban=5Fip=20for=20specifying=20an=20IP=20to=20unban=20durin?= =?UTF-8?q?g=20playbook=20execution.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduce a new variable `f2b_unban_ip` in the Ansible playbook to allow users to specify an IP address that should be unbanned using Fail2Ban. This feature enhances the flexibility of the playbook by enabling targeted IP management.
---
 defaults/main.yml | 1 + handlers/main.yml | 2 +- tasks/fail2ban.yml | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index c8b9241..409d541 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -59,3 +59,4 @@ f2b_ipset_name: f2b-blacklist
 f2b_bantime_increment: true
 f2b_bantime_factor: 2
 f2b_bantime_max: 86400
+f2b_unban_ip: "" # ansible-playbook play.yml -e f2b_unban_ip=192.168.1.55
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
index b742109..1aaed43 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -35,4 +35,4 @@
 - name: Restart fail2ban
 ansible.builtin.systemd:
 name: fail2ban
- state: restarted
\ No newline at end of file
+ state: restarted
diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index 5643e6a..b6b38dc 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -234,3 +234,36 @@
 - name: fail2ban | Reload Proxmox firewall
 ansible.builtin.command: pve-firewall reload
 changed_when: false
+
+#################################################
+# List banned IPs cluster-wide
+#################################################
+
+- name: fail2ban | Get banned IPs from Proxmox IPSet
+ ansible.builtin.command: pve-firewall ipset list {{ f2b_ipset_name }}
+ register: banned_ips
+ changed_when: false
+ failed_when: false
+
+- name: fail2ban | Show banned IPs
+ ansible.builtin.debug:
+ msg: >
+ Current banned IPs (cluster-wide):
+ {{ banned_ips.stdout_lines | default([]) }}
+
+#################################################
+# Manual unban
+#################################################
+
+- name: fail2ban | Unban specific IP
+ ansible.builtin.command: >
+ pve-firewall ipset del {{ f2b_ipset_name }} {{ f2b_unban_ip }}
+ when: f2b_unban_ip | length > 0
+ register: unban_result
+ changed_when: "'removed' in unban_result.stdout or unban_result.rc == 0"
+ failed_when: false
+
+- name: fail2ban | Report unban result
+ ansible.builtin.debug:
+ msg: "Unbanned IP {{ f2b_unban_ip }}"
+ when: f2b_unban_ip | length > 0
\ No newline at end of file
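Review bot: `f2b_unban_ip` reaches `pve-firewall ipset del` in the "Unban specific IP" task without any validation, and the free-form `ansible.builtin.command` string is split on whitespace, so a value given with `-e` that is not a single address is handed to the command as extra arguments. The value should be checked before use (the `ansible.utils.ip_address` test does this, provided that collection is available to the role) and the command passed as an `argv` list so each variable stays one argument. The same task sets `failed_when: false`, and "Report unban result" prints "Unbanned IP" whenever the variable is set, so a removal from the blocklist that failed is still reported as done; the message should carry `unban_result.rc`. The `failed_when: false` on "Get banned IPs from Proxmox IPSet" hides a failing list command in the same way.

```yaml
# … unchanged: list and show banned IPs …

- name: fail2ban | Validate unban target
  ansible.builtin.assert:
    that:
      - f2b_unban_ip is ansible.utils.ip_address
    fail_msg: "f2b_unban_ip must be a single IP address"
  when: f2b_unban_ip | length > 0

- name: fail2ban | Unban specific IP
  ansible.builtin.command:
    argv:
      - pve-firewall
      - ipset
      - del
      - "{{ f2b_ipset_name }}"
      - "{{ f2b_unban_ip }}"
  # … unchanged: when / register / changed_when / failed_when …

- name: fail2ban | Report unban result
  ansible.builtin.debug:
    msg: "Unban of {{ f2b_unban_ip }} finished with rc={{ unban_result.rc }}"
  when: f2b_unban_ip | length > 0
```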