ansible-roles/fail2ban/tasks/ip_whitelist.yml

---

- name: "Define the whitelist from variables"
  set_fact:
    fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"

- name: Update ignoreips lists
  ini_file:
    dest: /etc/fail2ban/jail.local
    section: "DEFAULT"
    option: "ignoreip"
    value: "{{ fail2ban_ignore_ips | join(' ') }}"
  notify: restart fail2ban
  tags:
    - fail2ban
    - ips