Glad you like them, thank you

excellent

You can configure firewalls with Ansible but as it sets the desired state it is hard to specify the IPs you want to block. Using Fail2Ban you can install and configure with Ansible and Fail2Ban does all of the work for you

You could possibly run the command and register the output, then loop through it using the firewalld module, I wonder if that would make sense?

I do not know how familiar you are with linux distributions, but you do not choose Rhel or Rhel like oses (Alma, Rocky, Cloud) cause you want the newest and greatest software. You normaly choose it cause those distributions are very stable. - Fedora is like a Playground, before most features come to RHEL its in a "beta" like fedora release - OpenSUSE is something diffrent, it is like fedora but for SLES(SUSE Enterprise Linux Server)

Maybe he is working like me for a company or authority where your customers force you to e.g. run Oracle, SAP, JBoss, OpenShift etc. where you virtually end up on RHEL. On my private laptop I too prefer running Fedora. I am also glad that Rocky and Alma continue with a replacement for the discontinued (2024) CentOS (not CentOS Stream).

Thank you

you could add a simple grep -v as the final command in the pipleline

I use keys

You could use an extra grep -v to make sure you are not locked out.

For public classes that use SSH

How else to manage your (remote) server?

@@home-lab when I said open I meant open to the Internet.

Maybe one could open it on demand through some port knocking pattern.