This is a posting for those who administer Centos 6 based systems with the hope that it will save you some grief.

     There is a bug in the current version of fail2ban being distributed in the CentOS 6.7 repositories.  It will not create IP table entries.

     The cause is the inclusion of the -w (locking) flag in the current version of fail2ban which is not supported in the version of iptables used.

     The fix is to edit /etc/fail2ban/action.d/iptables-common.conf and remove the -w flag.