Indeed, such a problem exists, and there is a note in README.Debian:

  Currently no checks if an iptables queue generated at the beginning (fail2ban-http and fail2ban-ssh) exists. So if your firewall resets the iptable rules -- it is your responsibility to restart fail2ban.

The upstream author decided to postpone the introduction of the check for the
chain, and the fact that it can be used without a chain
(adding/removing directly from INPUT) was suggested as a temporary
solution.

I am leaving the bug open as a reminder for the TODO :-)
--
Keep in touch                (yoh@|www.)onerussian.com
Yaroslav Halchenko           ICQ#: 60653192
Linux User [175555]
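The README.Debian note quoted above leaves the restart to the administrator. As an added example (not part of the original message and not fail2ban's own code), this shell check detects the missing chains and restarts fail2ban. It assumes `iptables -S` output, that each chain is jumped to from INPUT, and `service fail2ban restart` as the restart command; both sample rulesets are constructed.

```shell
#!/bin/sh
# Added example: detect that the fail2ban chains were wiped by a firewall reload.
# Chain names are the ones named in the README.Debian note.
CHAINS="fail2ban-ssh fail2ban-http"
# Assumption: how fail2ban is restarted on this host.
RESTART_CMD="${RESTART_CMD:-service fail2ban restart}"

# Constructed `iptables -S` output: fail2ban running normally.
SAMPLE_OK='-P INPUT ACCEPT
-N fail2ban-http
-N fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-http
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A fail2ban-http -j RETURN
-A fail2ban-ssh -j RETURN'

# Constructed output after a firewall script flushed and rebuilt the rules:
# the http chain is gone, the ssh chain exists but is no longer reached.
SAMPLE_RESET='-P INPUT DROP
-N fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# missing_chains RULESET
# Prints the chains from $CHAINS that are undefined (no "-N chain") or not
# jumped to from INPUT (assumed hook point), separated by spaces.
missing_chains() {
    ruleset=$1
    missing=""
    for chain in $CHAINS; do
        if printf '%s\n' "$ruleset" | grep -q -x -e "-N $chain" &&
           printf '%s\n' "$ruleset" | grep -q -E -e "^-A INPUT .*-j $chain\$"; then
            continue
        fi
        missing="${missing:+$missing }$chain"
    done
    printf '%s\n' "$missing"
}

# Run from cron or a firewall post-reload hook as: script --apply
if [ "${1:-}" = "--apply" ]; then
    gone=$(missing_chains "$(iptables -S)")
    if [ -n "$gone" ]; then
        logger -t fail2ban-check "chains missing: $gone; restarting fail2ban"
        $RESTART_CMD
    fi
fi
```

Without `--apply` the script only defines the function, so the check can be exercised against saved rulesets before it is wired into a firewall reload hook.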

