feat ✨: Add new variable f2b_unban_ip for specifying an IP to unban during playbook execution.

Introduce a new variable `f2b_unban_ip` in the Ansible playbook to allow users to specify an IP address that should be unbanned using Fail2Ban. This feature enhances the flexibility of the playbook by enabling targeted IP management.

defaults/main.yml

@@ -59,3 +59,4 @@ f2b_ipset_name: f2b-blacklist
 f2b_bantime_increment: true
 f2b_bantime_factor: 2
 f2b_bantime_max: 86400
+f2b_unban_ip: ""              # ansible-playbook play.yml -e f2b_unban_ip=192.168.1.55

handlers/main.yml

@@ -35,4 +35,4 @@
 - name: Restart fail2ban
   ansible.builtin.systemd:
     name: fail2ban
-    state: restarted
+    state: restarted

tasks/fail2ban.yml

@@ -234,3 +234,36 @@
 - name: fail2ban | Reload Proxmox firewall
   ansible.builtin.command: pve-firewall reload
   changed_when: false
+
+#################################################
+# List banned IPs cluster-wide
+#################################################
+
+- name: fail2ban | Get banned IPs from Proxmox IPSet
+  ansible.builtin.command: pve-firewall ipset list {{ f2b_ipset_name }}
+  register: banned_ips
+  changed_when: false
+  failed_when: false
+
+- name: fail2ban | Show banned IPs
+  ansible.builtin.debug:
+    msg: >
+      Current banned IPs (cluster-wide):
+      {{ banned_ips.stdout_lines | default([]) }}
+
+#################################################
+# Manual unban
+#################################################
+
+- name: fail2ban | Unban specific IP
+  ansible.builtin.command: >
+    pve-firewall ipset del {{ f2b_ipset_name }} {{ f2b_unban_ip }}
+  when: f2b_unban_ip | length > 0
+  register: unban_result
+  changed_when: "'removed' in unban_result.stdout or unban_result.rc == 0"
+  failed_when: false
+
+- name: fail2ban | Report unban result
+  ansible.builtin.debug:
+    msg: "Unbanned IP {{ f2b_unban_ip }}"
+  when: f2b_unban_ip | length > 0