diff --git a/fail2ban/defaults/main.yml b/fail2ban/defaults/main.yml
index ba35f912..f08bdf6a 100644
--- a/fail2ban/defaults/main.yml
+++ b/fail2ban/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 general_alert_email: "root@localhost"
 fail2ban_alert_email: Null
+fail2ban_ignoreip: []
diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml
index d7a22f71..b5583a98 100644
--- a/fail2ban/tasks/main.yml
+++ b/fail2ban/tasks/main.yml
@@ -4,6 +4,7 @@
 name: fail2ban
 state: present
 tags:
+ - fail2ban
 - packages
 - name: custom filters are installed
@@ -15,6 +16,8 @@
 - dovecot-evolix.conf
 - sasl-evolix.conf
 notify: restart fail2ban
+ tags:
+ - fail2ban
 - name: local jail is installed
 template:
@@ -22,3 +25,5 @@
 dest: /etc/fail2ban/jail.local
 mode: "0644"
 notify: restart fail2ban
+ tags:
+ - fail2ban
diff --git a/fail2ban/templates/jail.local.j2 b/fail2ban/templates/jail.local.j2
index e7d0545d..9d56f296 100644
--- a/fail2ban/templates/jail.local.j2
+++ b/fail2ban/templates/jail.local.j2
@@ -3,7 +3,12 @@
 [DEFAULT]
 # "ignoreip" can be an IP address, a CIDR mask or a DNS host
-ignoreip = 127.0.0.1/8
+ignoreip = \
+{% for ip in fail2ban_ignoreip %}
+{{ ip }}, \
+{% endfor %}
+127.0.0.1/8
+
 bantime = 600
 maxretry = 3
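Review bot: The new `fail2ban_ignoreip: []` default in fail2ban/defaults/main.yml has no comment, although it is a security-relevant setting: the template in this commit renders every entry into `ignoreip`, so each listed address is exempt from banning. I would add above it `# Extra IPs/CIDRs that fail2ban must never ban (127.0.0.1/8 is always included)`. Since the template's own comment also allows DNS hosts, the documentation could recommend trusted static addresses or CIDRs, because a hostname entry presumably exempts whatever that name resolves to.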
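Review bot: In fail2ban/templates/jail.local.j2 the new `ignoreip = \` block relies on a trailing backslash to continue the value, which, as far as I know, the INI-style parser used by fail2ban does not support (continuation lines have to be indented). If that is right, the rendered `{{ ip }}, \` and `127.0.0.1/8` lines are not part of `ignoreip`, so the file may fail to parse or lose the loopback exemption. A single rendered line avoids the question: `ignoreip = 127.0.0.1/8 {{ fail2ban_ignoreip | join(' ') }}`. The hunk also adds an empty line before `bantime`, and the rendered jail.local is worth checking on a test host before the `restart fail2ban` handler picks it up.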