defaults/main.yml

@@ -59,3 +59,4 @@ f2b_ipset_name: f2b-blacklist
 f2b_bantime_increment: true
 f2b_bantime_factor: 2
 f2b_bantime_max: 86400
+f2b_unban_ip: ""              # ansible-playbook play.yml -e f2b_unban_ip=192.168.1.55

handlers/main.yml

@@ -35,4 +35,4 @@
 - name: Restart fail2ban
   ansible.builtin.systemd:
     name: fail2ban
-    state: restarted
+    state: restarted

tasks/fail2ban.yml

@@ -234,3 +234,36 @@
 - name: fail2ban | Reload Proxmox firewall
   ansible.builtin.command: pve-firewall reload
   changed_when: false
+
+#################################################
+# List banned IPs cluster-wide
+#################################################
+
+- name: fail2ban | Get banned IPs from Proxmox IPSet
+  ansible.builtin.command: pve-firewall ipset list {{ f2b_ipset_name }}
+  register: banned_ips
+  changed_when: false
+  failed_when: false
+
+- name: fail2ban | Show banned IPs
+  ansible.builtin.debug:
+    msg: >
+      Current banned IPs (cluster-wide):
+      {{ banned_ips.stdout_lines | default([]) }}
+
+#################################################
+# Manual unban
+#################################################
+
+- name: fail2ban | Unban specific IP
+  ansible.builtin.command: >
+    pve-firewall ipset del {{ f2b_ipset_name }} {{ f2b_unban_ip }}
+  when: f2b_unban_ip | length > 0
+  register: unban_result
+  changed_when: "'removed' in unban_result.stdout or unban_result.rc == 0"
+  failed_when: false
+
+- name: fail2ban | Report unban result
+  ansible.builtin.debug:
+    msg: "Unbanned IP {{ f2b_unban_ip }}"
+  when: f2b_unban_ip | length > 0