diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index c8314b9d..462e3ce4 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -65,22 +65,30 @@ rule-jump = -j <_ipt_rule_target>
 # Several capabilities used internally:
 
 _ipt_for_proto-iter = for proto in $(echo '<protocol>' | sed 's/,/ /g'); do
+_ipt_for_chain-iter = for chain in $(echo '<chains>' | sed 's/,/ /g'); do
+_ipt_for_chain-done = done;
 _ipt_for_proto-done = done
 
 _ipt_add_rules = <_ipt_for_proto-iter>
-              { %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I <chain> %(_ipt_chain_rule)s; }
+              <_ipt_for_chain-iter>
+              { %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I $chain %(_ipt_chain_rule)s; }
+              <_ipt_for_chain-done>
               <_ipt_for_proto-done>
 
 _ipt_del_rules = <_ipt_for_proto-iter>
-              <iptables> -D <chain> %(_ipt_chain_rule)s
+              <_ipt_for_chain-iter>
+              <iptables> -D $chain %(_ipt_chain_rule)s
+              <_ipt_for_chain-done>
               <_ipt_for_proto-done>
 
 _ipt_check_rules = <_ipt_for_proto-iter>
+              <_ipt_for_chain-iter>
               %(_ipt_check_rule)s
+              <_ipt_for_chain-done>
               <_ipt_for_proto-done>
 
 _ipt_chain_rule = <pre-rule><ipt_<type>/_chain_rule>
-_ipt_check_rule = <iptables> -C <chain> %(_ipt_chain_rule)s
+_ipt_check_rule = <iptables> -C $chain %(_ipt_chain_rule)s
 _ipt_rule_target = f2b-<name>
 
 [ipt_oneport]
@@ -98,11 +106,12 @@ _chain_rule = -p $proto <rule-jump>
 
 [Init]
 
-# Option:  chain
-# Notes    specifies the iptables chain to which the Fail2Ban rules should be
-#          added
+# Option:  chains
+# Notes    specifies the iptables chains to which the Fail2Ban rules should be
+#          added. May be a sigle chain (eg. INPUT) or a comma separated list
+#          (eg. INPUT, FORWARD)
 # Values:  STRING  Default: INPUT
-chain = INPUT
+chains = INPUT
 
 # Default name of the chain
 #