diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local
index 682ae0d8..6e7b77e2 100644
--- a/conf/fail2ban/jail.local
+++ b/conf/fail2ban/jail.local
@@ -1,5 +1,11 @@
 # Fail2Ban configuration file for Mail-in-a-Box
+[DEFAULT]
+# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
+# ping services over the public interface so we should whitelist that address of
+# ours too. The string is substituted during installation.
+ignoreip = 127.0.0.1/8 PUBLIC_IP
+
 # JAILS
 [ssh]
diff --git a/setup/system.sh b/setup/system.sh
index 125a4fe0..c00fcff4 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -1,3 +1,4 @@
+source /etc/mailinabox.conf
 source setup/functions.sh # load our functions
 # Basic System Configuration
@@ -198,7 +199,9 @@ restart_service resolvconf
 # ### Fail2Ban Service
 # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
-cp conf/fail2ban/jail.local /etc/fail2ban/jail.local
+cat conf/fail2ban/jail.local \
+ | sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
+ > /etc/fail2ban/jail.local
 cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
 restart_service fail2ban
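Review bot: In conf/fail2ban/jail.local the new `ignoreip` sits in `[DEFAULT]`, so the box's public address is exempt from banning in every jail, not only for the status checks the comment mentions. Any local component that reaches dovecot, postfix or ssh through the public interface (a web front end or proxy, if one is set up that way) would have its failed logins ignored as well. I would record that in the comment, for example `# Note: this exempts everything originating from this host's public address, in all jails.` An unsubstituted `PUBLIC_IP` token would presumably be treated by Fail2Ban as a host name to resolve, so the installed file is worth checking for the literal string.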
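Review bot: Nothing checks that `/etc/mailinabox.conf` was read or that it set `PUBLIC_IP`, and the new first line of setup/system.sh is the only visible source of the value that the Fail2Ban hunk later substitutes. If the file is missing or the variable is empty, the sed in that hunk writes `ignoreip = 127.0.0.1/8 ` and setup carries on, as no `set -e` or `set -u` is visible in these hunks. A guard directly after the source line, such as `: "${PUBLIC_IP:?PUBLIC_IP is not set in /etc/mailinabox.conf}"`, would stop the run instead. The file is executed as shell code by the installer, so it should be writable by root only; whether that holds is not visible here.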
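Review bot: In the Fail2Ban hunk of setup/system.sh, `$PUBLIC_IP` is pasted into the sed program unescaped, so a value containing `/`, `&` or a backslash breaks or alters the substitution; a plain IPv4 address is safe, but nothing visible enforces that format. The output redirection truncates `/etc/fail2ban/jail.local` before sed runs, so a sed failure would leave an empty file and `restart_service fail2ban` would start without the jails and `ignoreip` this template defines. The `cat` is unnecessary: `sed "s/PUBLIC_IP/$PUBLIC_IP/g" conf/fail2ban/jail.local > /etc/fail2ban/jail.local` does the same in one process, and checking its exit status before the restart would catch the failure case. The `g` flag also rewrites the token anywhere in the template, comments included, so the placeholder name must stay out of the template's prose.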