diff --git a/ansible/roles/base/files/ssh-jail.conf b/ansible/roles/base/files/ssh-jail.conf
index f64b9a2..fce4c08 100644
--- a/ansible/roles/base/files/ssh-jail.conf
+++ b/ansible/roles/base/files/ssh-jail.conf
@@ -4,4 +4,4 @@ bantime  = 600
 findtime = 30
 maxretry = 5
 port     = {{ ssh_port }},ssh
-ignoreip = {{ wireguard.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}
diff --git a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
index 5b85518..0292387 100644
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@@ -7,4 +7,4 @@ filter   = haproxy-basic
 backend  = systemd
 journalmatch = _COMM=haproxy
 port     = http,https
-ignoreip = {{ wireguard.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}