diff --git a/README.md b/README.md
index 312d7d6..77f4038 100644
--- a/README.md
+++ b/README.md
@@ -1063,6 +1063,12 @@ Default : value : *15*
 Context : *global*
 The number of "strange" HTTP status codes to find between the time interval.
+`FAIL2BAN_IGNOREIP`
+Values : *\*
+Default value : 127.0.0.1/8 192.168.0.0/16 172.16.0.0/16
+Context : *global*
+IPs or subnet which should never be ban by fail2ban.
+
 ## ClamAV
 `USE_CLAMAV_UPLOAD`
diff --git a/entrypoint/defaults.sh b/entrypoint/defaults.sh
index 7de2728..1dccfea 100644
--- a/entrypoint/defaults.sh
+++ b/entrypoint/defaults.sh
@@ -67,6 +67,7 @@ FAIL2BAN_STATUS_CODES="${FAIL2BAN_STATUS_CODES-400|401|403|404|405|444}"
 FAIL2BAN_BANTIME="${FAIL2BAN_BANTIME-3600}"
 FAIL2BAN_FINDTIME="${FAIL2BAN_FINDTIME-60}"
 FAIL2BAN_MAXRETRY="${FAIL2BAN_MAXRETRY-15}"
+FAIL2BAN_IGNOREIP="${FAIL2BAN_IGNOREIP-127.0.0.1/8 192.168.0.0/16 172.16.0.0/16}"
 USE_CLAMAV_UPLOAD="${USE_CLAMAV_UPLOAD-yes}"
 USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
 CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"
diff --git a/entrypoint/global-config.sh b/entrypoint/global-config.sh
index 5792ec0..f103252 100644
--- a/entrypoint/global-config.sh
+++ b/entrypoint/global-config.sh
@@ -271,6 +271,7 @@ if [ "$(has_value USE_FAIL2BAN yes)" != "" ] ; then
 replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_BANTIME%" "$FAIL2BAN_BANTIME"
 replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_FINDTIME%" "$FAIL2BAN_FINDTIME"
 replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_MAXRETRY%" "$FAIL2BAN_MAXRETRY"
+ replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_IGNOREIP%" "$FAIL2BAN_IGNOREIP"
 replace_in_file "/etc/fail2ban/filter.d/nginx-filter.local" "%FAIL2BAN_STATUS_CODES%" "$FAIL2BAN_STATUS_CODES"
 fi
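Review bot: The default on the added `FAIL2BAN_IGNOREIP` line exempts all of 192.168.0.0/16 and 172.16.0.0/16 from banning unless the operator overrides it. If the container sits behind a proxy in those ranges and the client address is not restored, no request can ever trigger a ban. The list is also neither minimal nor complete for private space: 172.16.0.0/16 is only part of the RFC 1918 block 172.16.0.0/12, and 10.0.0.0/8 is absent. I would default to loopback only, `FAIL2BAN_IGNOREIP="${FAIL2BAN_IGNOREIP-127.0.0.1/8}"`, and let operators opt in to wider ranges. A comment above it such as `# addresses listed here are never banned; keep this list as small as possible` would make the trade-off visible.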
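Review bot: The added `replace_in_file` call writes `$FAIL2BAN_IGNOREIP` into `/etc/fail2ban/jail.d/nginx-jail.local` with no check that it is a space-separated list of addresses or CIDR blocks. `replace_in_file` is defined outside this hunk, so I cannot tell whether it escapes the `/` in CIDR values or rejects an embedded newline, which would otherwise add extra jail directives. A guard before the call would fail closed on a malformed value: `case "$FAIL2BAN_IGNOREIP" in *[!0-9A-Fa-f.:/\ ]*) echo "invalid FAIL2BAN_IGNOREIP" >&2; exit 1 ;; esac`. No change to the jail template is visible in this diff either, so please confirm that `nginx-jail.local` contains an `ignoreip = %FAIL2BAN_IGNOREIP%` line; without it the substitution is a silent no-op.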