I have the following case:
Behind my pfsense there are several web services on clients secured with Fail2Ban.
The problem is that Fail2Ban only bans traffic to one specific service.
Is there a way to add a firewall rule over an API or something like that from a client on my LAN?
You may use UPnP or NAT-PMP if your services support this and configure the function on your pfSense.
There would also separate tools be available to set up the rules.