Fail2ban changes

Since version 0.9.3 fail2ban now uses the -w switch, which was introduced in iptables 1.4.20
As at CentOS 6.7, iptables version was 1.4.7 so updating to the latest version of fail2ban will result in a broken fail2ban. A new installation of fail2ban will also result in a non functioning fail2ban. However fear not! The fix can be found in the release notes and quoted below:

“* action.d/iptables-common.conf
– All calls to iptables command now use -w switch introduced in
iptables 1.4.20 (some distribution could have patched their
earlier base version as well) to provide this locking mechanism
useful under heavy load to avoid contesting on iptables calls.
If you need to disable, define ‘action.d/iptables-common.local’
with empty value for ‘lockingopt’ in `[Init]` section.”

For my systems these are /etc/fail2ban/actions.d/iptables-common.conf and iptables-allports.conf