fail2ban not adding entries to firewalld
I had some problems with fail2ban and firewalld on some Fedora systems:
fail2ban logged violations – but the IP addresses were not being blocked in firewalld.
To check whether IP addresses banned by fail2ban are being entered into firewalld, run the command
firewall-cmd --list-all
or
firewall-cmd --list-rich-rules
If entries logged in /var/log/fail2ban.log are not appearing in firewalld, check /etc/fail2ban/jail.conf (or better yet, /etc/fail2ban/jail.local) for the following lines:
[DEFAULT]
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]
Then restart fail2ban:
systemctl restart fail2ban.service
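
The manual comparison of /var/log/fail2ban.log against the firewall-cmd --list-rich-rules output can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the log lines and rich rule are constructed samples, and it assumes the usual "Ban <ip>" / "Unban <ip>" log messages and the source address="..." field in rich rules.

```sh
#!/bin/sh
# Added example: report IPs that fail2ban.log shows as banned but that have
# no matching rich rule in firewalld. Sample data below is constructed.

# IPs whose most recent log action is "Ban" (an "Unban" clears them).
currently_banned() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "Ban" || $i == "Unban") state[$(i + 1)] = $i }
         END { for (ip in state) if (state[ip] == "Ban") print ip }' "$1" |
        LC_ALL=C sort
}

# Source addresses found in `firewall-cmd --list-rich-rules` output.
rule_sources() {
    sed -n 's/.*source address="\([^"]*\)".*/\1/p' "$1" | LC_ALL=C sort -u
}

# Usage: missing_from_firewalld FAIL2BAN_LOG RICH_RULES_FILE
missing_from_firewalld() {
    tmp=$(mktemp -d)
    currently_banned "$1" > "$tmp/banned"
    rule_sources "$2" > "$tmp/rules"
    LC_ALL=C comm -23 "$tmp/banned" "$tmp/rules"   # banned but not in firewalld
    rm -rf "$tmp"
}

# Offline demonstration with constructed log lines and one constructed rule.
demo() {
    d=$(mktemp -d)
    cat > "$d/fail2ban.log" <<'EOF'
2024-05-01 10:00:01,100 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.10
2024-05-01 10:05:12,200 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-01 10:15:01,300 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.10
2024-05-01 10:20:44,400 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.0.2.55
EOF
    cat > "$d/rules.txt" <<'EOF'
rule family="ipv4" source address="198.51.100.7" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
EOF
    missing_from_firewalld "$d/fail2ban.log" "$d/rules.txt"
    rm -rf "$d"
}

demo
```

On a live system, save the output of firewall-cmd --list-rich-rules to a file and pass it as the second argument with /var/log/fail2ban.log as the first; any address printed is banned in the log but absent from firewalld. Rotated logs can hide earlier Ban or Unban lines, so treat the result as a prompt to check the banaction setting rather than as an exact ban list.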