diff --git a/config/action.d/firewallcmd-ipset-allports.conf b/config/action.d/firewallcmd-ipset-allports.conf
deleted file mode 100644
index eb940ee0..00000000
--- a/config/action.d/firewallcmd-ipset-allports.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# Fail2Ban action file for firewall-cmd/ipset
-#
-# This requires:
-# ipset (package: ipset)
-# firewall-cmd (package: firewalld)
-#
-# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
-# Use ipset -V to see the protocol and version.
-#
-# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
-#
-# If you are running on an older kernel you make need to patch in external
-# modules.
-
-[INCLUDES]
-
-before = iptables-common.conf
-
-[Definition]
-
-actionstart = ipset create fail2ban- hash:ip timeout
- firewall-cmd --direct --add-rule ipv4 filter 0 -m set --match-set fail2ban- src -j
-
-actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m set --match-set fail2ban- src -j
- ipset flush fail2ban-
- ipset destroy fail2ban-
-
-actionban = ipset add fail2ban- timeout -exist
-
-actionunban = ipset del fail2ban- -exist
-
-[Init]
-
-# Option: chain
-# Notes specifies the iptables chain to which the fail2ban rules should be
-# added
-# Values: [ STRING ]
-#
-chain = INPUT_direct
-
-# Option: bantime
-# Notes: specifies the bantime in seconds (handled internally rather than by fail2ban)
-# Values: [ NUM ] Default: 600
-
-bantime = 600
-
-
-# DEV NOTES:
-#
-# Author: Edgar Hoch and Daniel Black
-# firewallcmd-new / iptables-ipset-proto6 combined for maximium goodness
\ No newline at end of file
diff --git a/config/action.d/firewallcmd-ipset.conf b/config/action.d/firewallcmd-ipset.conf
index 38b0f3d3..62b6e7c2 100644
--- a/config/action.d/firewallcmd-ipset.conf
+++ b/config/action.d/firewallcmd-ipset.conf
@@ -19,9 +19,9 @@ before = iptables-common.conf
 [Definition]
 actionstart = ipset create fail2ban- hash:ip timeout
- firewall-cmd --direct --add-rule ipv4 filter 0 -p -m multiport --dports -m set --match-set fail2ban- src -j
+ firewall-cmd --direct --add-rule ipv4 filter 0 -m set --match-set fail2ban- src -j
-actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -p -m multiport --dports -m set --match-set fail2ban- src -j
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m set --match-set fail2ban- src -j
 ipset flush fail2ban-
 ipset destroy fail2ban-
@@ -44,6 +44,23 @@ chain = INPUT_direct
 bantime = 600
+# Option: actiontype
+# Notes.: defines additions to the blocking rule
+# Values: leave empty to block all attempts from the host
+# Default: Value of the multiport
+actiontype =
+
+# Option: allports
+# Notes.: default addition to block all ports
+# Usage.: use in jail config: banaction = firewallcmd-ipset[actiontype=]
+# for all protocols: banaction = firewallcmd-ipset[actiontype=""]
+allports = -p
+
+# Option: multiport
+# Notes.: addition to block access only to specific ports
+# Usage.: use in jail config: banaction = firewallcmd-ipset[actiontype=]
+multiport = -p -m multiport --dports
+
 # DEV NOTES:
 #
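Review bot: The rewritten `--add-rule` line under actionstart and the `--remove-rule` line under actionstop now carry the port/protocol part of the rule only through an interpolated option instead of the literal `-p ... -m multiport --dports ...`, and nothing in the hunk says that the two must stay argument-for-argument identical; firewall-cmd --direct --remove-rule only removes a rule whose text matches exactly, so any drift between them leaves the set-match rule in the chain after actionstop, and as far as I know the following `ipset destroy fail2ban-...` then refuses because the set is still referenced. The interpolation tags appear stripped in this rendering, so which option fills the gap cannot be confirmed from the hunk itself; I would add above actionstart: `# NOTE: keep the --add-rule and --remove-rule arguments identical (including the actiontype part); --remove-rule matches the rule text exactly, and a leftover rule makes the ipset destroy in actionstop fail`. Since the first hunk deletes firewallcmd-ipset-allports.conf outright, a jail that still sets `banaction = firewallcmd-ipset-allports` will presumably no longer load; a one-line comment in this section pointing such users at `firewallcmd-ipset[actiontype=...]` would make the migration explicit.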