Fail2Ban

Fixed sleep in all jails would not resolve the issue reliably: you have to
use variable duration for sleep.
If you have bash for your shell -- add

sleep ${RANDOM:0:1}.${RANDOM: -1:1}

at the beginning of actionstart/actionstop

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554162 for more
information

Also, see the patch at
https://sourceforge.net/tracker/?func=detail&aid=2857096&group_id=121032&atid=689046
which I believe addresses this

In the previous comment, the lines following "actionstart =" should be
indented (my leading spaces were stripped).

I have the same problem sometimes. It seems if you have a lot of jails (I
have 6), there is a race condition of some kind between fail2ban and
iptables that causes the

iptables -I INPUT... -j fail2ban-<name>

to fail because it executes before the

iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN

have fully completed. I have worked around this with the following in
/etc/fail2ban/action.d/iptables-allports.local (iptables-allports is the
only action I use)

[Definition]
# add a sleep to try to avoid apparent race in iptables
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
sleep 1
iptables -I INPUT -p <protocol> -j fail2ban-<name>