Permanently Ban previously banned IP using Fail2ban with firwallcmd multiport

firewallcmd-multiport.conf

# Fail2Ban configuration file
#
# Author: Donald Yandt 
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+

[INCLUDES]

before = firewallcmd-common.conf

[Definition]

actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>
              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN
              firewall-cmd --direct --add-rule <family> filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
	      cat /etc/fail2ban/persistent.bans | awk '/^<family>-<name>/ {print $2}' | while read IP; do firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s $IP -j <blocktype>; done

actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
             firewall-cmd --direct --remove-rules <family> filter f2b-<name>
             firewall-cmd --direct --remove-chain <family> filter f2b-<name>

# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'

actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'

actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
            echo "<family>-<name> <ip>" >> /etc/fail2ban/persistent.bans

actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>