To All
Note that sme9 now blocks ssh logins after 3 incorrect attempts in 15 minutes, or as configured by a db entry.
See
http://wiki.contribs.org/AutoBlock
Great care should be taken by contrib developers to ensure that contrib functionality does not interfere with default sme server functionality.
Manipulating firewall rules should be done the "sme server way" to avoid weakening the very good & strong security of sme server.
Autoblock is a great feature and sme server is a secure distribution, no doubt about it. The sme-server way for configuring with db entries is solid and good.
Having said this, fail2ban is an extended security feature that even improves on security. You should absolutely not take this as doubting the security of sme. It is just an added feature that has arisen somewhere in the open source community.
As for using the db feature for on-the-fly blocking of ip-addresses by fail2ban, this seems as ni improvement to me. It makes something that works very well, and is very light, heavy and complex and needlessly difficult to maintain in my opinion. A server under heavy load with a severe portscan should not have to run a bunch of perlscripts to ban an ip address.
The iptables rulesof fail2ban insert themself in the beginning of the iptables input chain and work fine and fast without interfearing with any sme iptables rules. No need to worry as far as I can see.