diff --git a/fail2ban/files/jail.d/nextcloud.local b/fail2ban/files/jail.d/nextcloud.local
new file mode 100644
index 0000000..d75d693
--- /dev/null
+++ b/fail2ban/files/jail.d/nextcloud.local
@@ -0,0 +1,10 @@
+[nextcloud]
+backend = auto
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nextcloud
+maxretry = 3
+bantime = 1w
+findtime = 1d
+logpath = /srv/podman/containers/storage/volumes/nextcloud-data/_data/data/nextcloud.log
diff --git a/fail2ban/files/jail.local b/fail2ban/files/jail.local
index 6bbdc66..b361868 100644
--- a/fail2ban/files/jail.local
+++ b/fail2ban/files/jail.local
@@ -89,7 +89,7 @@ before = paths-opensuse.conf
 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
 # will not ban a host which matches an address in this list. Several addresses
 # can be defined using space (and/or comma) separator.
-#ignoreip = 127.0.0.1/8 ::1
+ignoreip = 127.0.0.1/8 ::1 10.2.0.101 10.0.10.156 10.0.10.174
 
 # External command that will take an tagged arguments to ignore, e.g. <ip>,
 # and return true if the IP is to be ignored. False otherwise.