  • Trouble with Fail2Ban

    I am struggling with the app with fail2ban. The server is a Community 7 server put up this spring. Last updates appear to be in May. My issue is with fail2ban/fail2ban-server.

    I created the /etc/fail2ban/jail.local and enabled sshd. The /var/log/fail2ban.log file is very busy with lots of logging of ssh attacks. It reports that an attacking IP address is banned, but that IP continues to hit the server.

    I see the iptables rule for "REJECT all -- 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd src reject-with icmp-port-unreachable". But I don't see anywhere in iptables -L -n that the bad IP addresses are being added. Is there somewhere that I can see the "match-set f2b-sshd" entries?

    I tried uninstalling and reinstalling the app-attack-detector, which re-installed the fail2ban system. No help. The behavior is the same. IP addresses are recognized as ssh attacks, are logged, and reported as banned, but are not being stopped by the firewall.

    What am I missing?
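
The `match-set f2b-sshd` in that rule refers to an ipset, whose members `iptables -L -n` does not expand; `ipset list f2b-sshd` prints them. As an added example (not part of the original post), this script compares the addresses fail2ban.log reports as banned with the members of the set; the function names and the sample log and set contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: which IPs does fail2ban report as banned that are NOT in the ipset?
# Live use (as root): ipset list f2b-sshd > /tmp/f2b-set.txt
#                     not_in_set sshd /var/log/fail2ban.log /tmp/f2b-set.txt

# Constructed sample data (documentation-range addresses).
SAMPLE_LOG='2023-06-01 10:00:01,100 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.5
2023-06-01 10:05:09,220 fail2ban.actions [1234]: NOTICE [sshd] Ban 198.51.100.7
2023-06-01 10:15:01,300 fail2ban.actions [1234]: NOTICE [sshd] Unban 203.0.113.5
2023-06-01 10:20:44,010 fail2ban.actions [1234]: NOTICE [sshd] Ban 192.0.2.44'
SAMPLE_SET='Name: f2b-sshd
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 600
References: 1
Members:
198.51.100.7 timeout 412'

# Read fail2ban.log text on stdin; print IPs still banned for jail $1
# (a later "Unban" cancels an earlier "Ban").
banned_ips() {
  awk -v jail="[$1]" '
    { for (i = 1; i + 2 <= NF; i++) if ($i == jail) {
        if ($(i+1) == "Ban")   state[$(i+2)] = 1
        if ($(i+1) == "Unban") state[$(i+2)] = 0
    } }
    END { for (ip in state) if (state[ip]) print ip }' | sort
}

# Read `ipset list <set>` output on stdin; print the member addresses.
set_members() {
  awk 'found && NF { print $1 } /^Members:/ { found = 1 }' | sort
}

# $1 = jail, $2 = log file, $3 = file holding `ipset list` output.
# Prints banned IPs that are missing from the set (the firewall never sees these).
not_in_set() {
  b=$(mktemp); m=$(mktemp)
  banned_ips "$1" < "$2" > "$b"
  set_members < "$3" > "$m"
  comm -23 "$b" "$m"
  rm -f "$b" "$m"
}

# Demo on the constructed samples.
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" > "$demo/log"; printf '%s\n' "$SAMPLE_SET" > "$demo/set"
not_in_set sshd "$demo/log" "$demo/set"
rm -rf "$demo"
```

Any address this prints was logged as banned but never reached the set that the REJECT rule matches against.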