diff --git a/hosts/common/core/ssh.nix b/hosts/common/core/ssh.nix
index 6193f07..7169fdc 100644
--- a/hosts/common/core/ssh.nix
+++ b/hosts/common/core/ssh.nix
@@ -32,5 +32,11 @@
     };
   };
 
-  #services.fail2ban.enable = lib.mkDefault true; # This comes with an SSH jail preconfigured, expanded fail2ban can be found in modules/services
+  services.fail2ban = {
+    enable = lib.mkDefault true;
+    ignoreIP = [ # Expected internal IP ranges
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+    ];
+  };
 }