Ah, at last I can contribute a bit of info.
I did yum install fail2ban and it wanted to install Shorewall as a dependency, which would have trashed Firestarter.
I quite like Firestarter, it's protected this box against some really determined hack attenpts.
Of course we insist on strong passwords, but I have no problems with Firestarter at all. In fact I highly recommend it. We've had up to 5,000 attempts per 24 hours, night after night and Firestarter has coped with all that.
Bottom line, I didn't install fail2ban. I used Denyhosts instead.
I haven't really worried too much about the acne-ridden yobs who have nothing better to do with their lives, but the traffic is getting a bit much.
Hopefully DenyHosts will cut it down considerably