diff --git a/ansible/roles/base/files/ssh-jail.conf b/ansible/roles/base/files/ssh-jail.conf
index fce4c08..0e97596 100644
--- a/ansible/roles/base/files/ssh-jail.conf
+++ b/ansible/roles/base/files/ssh-jail.conf
@@ -4,4 +4,4 @@ bantime  = 600
 findtime = 30
 maxretry = 5
 port     = {{ ssh_port }},ssh
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
diff --git a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
index 0292387..be58d56 100644
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@@ -7,4 +7,4 @@ filter   = haproxy-basic
 backend  = systemd
 journalmatch = _COMM=haproxy
 port     = http,https
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}