Comment 8 for bug 1956029

Sorted out the issue. I've got systemd to also wait for ufw to load when starting fail2ban.

Fail2ban issues a many iptables commands in rapid succession and then it's database of banned IPs is large it takes a considerable amount of time for the firewall to be initialised. In the meanwhile anything issuing iptables commands quite likely fail as is it not possible to have more than one instance of iptables active at any one time.

ufw script completes its tasks quickly so makes sense to force that service to start before the fail2ban service.