diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index 6179f38..153efa9 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -156,6 +156,12 @@
 }}
 when: pve_installed.stat.exists | default(false)
 
+- name: fail2ban | Show firewall config path
+ ansible.builtin.debug:
+ msg: >
+ WARNING: Proxmox firewall config path is: {{ pve_firewall_config}}
+ when: pve_firewall_config is defined
+
 #################################################
 # Detect firewall configuration
 #################################################
@@ -172,15 +178,19 @@
 register: fw_content
 when: fw_stat.stat.exists | default(false)
 
+- name: fail2ban | Debug config contents
+ ansible.builtin.debug:
+ msg: >
+ {{ fw_content }}
+ when: not pve_firewall_enabled
+
 - name: fail2ban | Determine if firewall enabled
 ansible.builtin.set_fact:
 pve_firewall_enabled: >-
 {{
- (fw_stat.stat.exists | default(false)) and
- (
- (fw_content.content | default('') | b64decode)
- is search('enable:\s*1')
- )
+ fw_stat.stat.exists and
+ (fw_content.content | b64decode)
+ is search('^enable:\s*1$', multiline=True)
 }}
 
 - name: fail2ban | Warn if firewall not enabled
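Review bot: The new `Show firewall config path` task labels a purely informational message as `WARNING:` and prints it on every run where `pve_firewall_config` is defined. That dilutes the real warning the role emits later (`Warn if firewall not enabled`). If the path is only needed for troubleshooting, I would drop the prefix, use a plain quoted scalar such as `msg: "Proxmox firewall config path: {{ pve_firewall_config }}"`, and add `verbosity: 1` so it only appears with `-v`. The folded `>` also leaves a trailing newline in the message, and `{{ pve_firewall_config}}` lacks the closing space used elsewhere in the file.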
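Review bot: The added `Debug config contents` task is gated on `not pve_firewall_enabled`, but that fact is only set by the `Determine if firewall enabled` task right after it. Unless it is defined earlier in the file (not visible in this hunk), the conditional fails on an undefined variable. The task also prints the whole `fw_content` slurp result, which puts the base64-encoded firewall configuration into play output and any CI log that keeps it; I would remove it before merge, or move it below the `set_fact` and add `verbosity: 2`. The rewritten expression drops `| default(false)` and `| default('')` while the slurp task's own `when:` still uses `fw_stat.stat.exists | default(false)`, so if `fw_stat` can be a skipped result the `set_fact` now errors; keeping `(fw_stat.stat.exists | default(false)) and` avoids that. Anchoring the pattern is a good tightening, but `'^enable:\s*1$'` rejects a line with trailing whitespace or a CR, which would report an enabled firewall as disabled; `'^enable:\s*1\s*$'` tolerates both.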