diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1e9a679..c07fdd21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ The **patch** part changes incrementally at each release.
 * evocheck: update evocheck.sh for source install
 
 ### Fixed
+* fail2ban: fix "ignoreip" update
 * metricbeat: fix username/password replacement
 * nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
 * nginx: Munin url config is now a template to insert the server-status prefix
diff --git a/fail2ban/tasks/ip_whitelist.yml b/fail2ban/tasks/ip_whitelist.yml
index 3bdd05f3..77f7c21c 100644
--- a/fail2ban/tasks/ip_whitelist.yml
+++ b/fail2ban/tasks/ip_whitelist.yml
@@ -1,9 +1,13 @@
 ---
+
+- set_fact:
+    fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
+
 - name: Update ignoreips lists
   ini_file:
     dest: /etc/fail2ban/jail.local
-    section: "[DEFAULT]"
-    option: "ignoreips"
+    section: "DEFAULT"
+    option: "ignoreip"
     value: "{{ fail2ban_ignore_ips | join(' ') }}"
   notify: restart fail2ban
   tags:
diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml
index 9dd89aeb..6e97fb2d 100644
--- a/fail2ban/tasks/main.yml
+++ b/fail2ban/tasks/main.yml
@@ -16,7 +16,9 @@
     - fail2ban
 
 - set_fact:
-    fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
+    fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
+  tags:
+    - fail2ban
 
 - name: local jail is installed
   template: