diff --git a/sbin/firewall-list-ruleset.sh b/sbin/firewall-list-ruleset.sh
index 90c4e4d..75318d2 100755
--- a/sbin/firewall-list-ruleset.sh
+++ b/sbin/firewall-list-ruleset.sh
@@ -1,7 +1,16 @@
 #!/bin/bash
 # firewalld is using nftables
-nft list table inet firewalld
+# call this script without any options to output the entire ruleset
+# or provide one argument as a "set" (e.g. "fail2ban") to return only that IP set.
+
+# if "set" arg is provided only return that info
+if [ -n "$1" ]; then
+ nft list set inet firewalld $1
+else
+ # no "set" specified, return entire table
+ nft list table inet firewalld
+fi
 # you can also export the current ruleset in json format:
 # nft -j list ruleset
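Review bot: `$1` is expanded unquoted in `nft list set inet firewalld $1`, so a value containing whitespace or glob characters is split into extra nft arguments instead of being treated as one set name. Quoting alone is not sufficient here, because nft joins its command-line arguments into a single command string before parsing; the value should be validated as a plain identifier before it is used. Something like `[[ "$1" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid set name" >&2; exit 2; }` followed by `nft list set inet firewalld "$1"` would do, with the pattern adjusted to the set names actually in use. This matters most if the script is reachable through sudo or another privileged wrapper, which the hunk does not show.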