I use Xen Vm´s, and ispconfig firewall blocks all traffic for the vm ips. Problem : Vm Ips traffic block by firewall on dom0. Why : Iptables are working with port not iport. resolution: Iptables need to use for example (dom0) server ip(s) only. Just an idea, i have a script to add "Spamhaus drop list" to ispconfig iptables, if u add that will make fail2ban work less and will be better performance in global ispconfig needs. thanks.