lammert - 4:07 am on Feb 26, 2012 (gmt 0)
There is no better. Shorewall uses the netfilter system, which is part of the Linux kernel. This makes it very efficient at handling large amounts of packets without much CPU overhead. This is the type of protection you want against DDoS attacks, blocking access to your SSH and POP3 ports with the exception of a few trusted IP addresses, etc.
Fail2ban checks log files and does high-level checks, and is, as far as I know, written in Python. It therefore causes moderate CPU and disk overhead, and you don't want to use it to defend against massive attacks on your server. But it is capable of detecting suspicious behavior on ports which you cannot simply block on the IP level, like multiple failed password attempts on global FTP accounts, scans for phpMyAdmin installations on your Apache server, etc.
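To make the division of labour in the post above concrete, here is an added example (not code from fail2ban, Shorewall, or the poster) of the "high-level check" a log-based tool performs: it scans sshd "Failed password" lines, counts failures per source IP inside a time window (the `findtime`/`maxretry` idea), and hands the resulting ban to netfilter as an iptables command string, because the cheap per-packet blocking belongs in the kernel. The log lines, the year assumed for the syslog timestamps, and the `iptables -I INPUT ... -j DROP` form of the ban are all constructed for this example.

```python
"""Minimal fail2ban-style log checker (added example, not fail2ban's own code).

Reads sshd 'Failed password' lines, counts failures per source IP inside a
time window (findtime) and reports IPs that reach maxretry. The ban itself is
delegated to netfilter, rendered here as an iptables command string.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines for the demonstration (not real traffic).
SAMPLE_LOG = """\
Feb 26 04:01:10 host sshd[2101]: Failed password for root from 203.0.113.7 port 51322 ssh2
Feb 26 04:01:12 host sshd[2101]: Failed password for root from 203.0.113.7 port 51323 ssh2
Feb 26 04:01:15 host sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51324 ssh2
Feb 26 04:01:20 host sshd[2103]: Accepted publickey for alice from 198.51.100.5 port 40001 ssh2
Feb 26 04:02:30 host sshd[2104]: Failed password for bob from 198.51.100.5 port 40002 ssh2
Feb 26 04:09:00 host sshd[2105]: Failed password for root from 203.0.113.7 port 51330 ssh2
Feb 26 04:30:00 host sshd[2106]: Failed password for root from 192.0.2.9 port 6000 ssh2
Feb 26 04:45:00 host sshd[2107]: Failed password for root from 192.0.2.9 port 6001 ssh2
Feb 26 05:00:00 host sshd[2108]: Failed password for root from 192.0.2.9 port 6002 ssh2
"""

# Pattern modelled on the idea of fail2ban's sshd filter: timestamp + failing source IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_ts(ts: str, year: int = 2012) -> datetime:
    """Syslog timestamps carry no year; assume one (the post's date) for the example."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_offenders(log_text: str, maxretry: int = 3, findtime: int = 600) -> dict:
    """Return {ip: timestamp_of_ban} for IPs with >= maxretry failures within findtime seconds."""
    window = defaultdict(deque)  # ip -> timestamps of recent failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m.group("ip") in banned:
            continue  # not a failure line, or already handed to the firewall
        ip, ts = m.group("ip"), parse_ts(m.group("ts"))
        q = window[ip]
        q.append(ts)
        # Forget failures that are older than findtime relative to the newest one.
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def ban_rule(ip: str) -> str:
    """The netfilter rule a log checker would install for the ban (example form only)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} ban {ip}: {ban_rule(ip)}")
```

With the defaults, only 203.0.113.7 is banned (three failures within a few seconds); 192.0.2.9 fails three times too, but 15 minutes apart, so each attempt falls outside the 600-second window and it is never reported. That window is exactly the kind of judgement the kernel firewall cannot make on its own, and also why the slow, log-driven checker should not be the thing standing in front of a flood.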