Indeed such problem exists and there is a note in README.Debian: Currently no checks if an iptables queue generated at the beginning (fail2ban-http and fail2ban-ssh) exists. So if your firewall resets the iptable rules -- it is your responsibility to restart fail2ban.
Upstream author decided to postpone an introduction of the check for the chain, and the fact that it can be used without a chain (adding/removing directly from INPUT) was suggested as a temporary solution. I leave the bug opened as a reminder for the TODO :-) -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555]
pgpYoYOap1Sub.pgp
Description: PGP signature