2026-02-24 19:22:28 +01:00
2 changed files with 7 additions and 1 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -35,8 +35,9 @@
 - name: Restart fail2ban
  ansible.builtin.systemd:
    name: fail2ban
-    state: restarted
+    state: reloaded

 - name: Reload pve firewall
  ansible.builtin.command: pve-firewall reload
+  when: fw_compile_check.rc == 0
  changed_when: false
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -148,6 +148,11 @@
  changed_when: false
  when: cluster_status.stat.exists

+- name: Validate Proxmox firewall configuration
+  ansible.builtin.command: pve-firewall compile
+  register: fw_compile_check
+  changed_when: false
+  
 # Then automatically whitelist it in Fail2Ban:
 # ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }}