This question really deserves some attention. WordFence looks like one of the most popular plugins for security nowadays. Compared with the iThemes security it is like 2.6:3.2 where iThemes Security (former Better WP Security) won. Of course these were thousand of 5 stars.
The author of the WordFence wrote this section:
My WordPress site is behind a firewall. Doesn’t that make it secure?
If your site is accessible from the web, it means that people you don’t know can execute PHP code on your site. They have to be able to execute PHP code, like the core WordPress code, in order for your site to work.
What a nonsense so far. I will not paraphrase much more, you can check from the https://wordpress.org/plugins/wordfence/faq/
The important thing is WordFence works like application level firewall. Similar like .htaccess files works for Apache.
What WordFence do as a firewall? It logs requests information to your database. So better you have SSD disk on your hosting if you need fast web site.
Fail2ban works on network level. In Python it communicates with iptables, and TCP sockets, and can work with error.log file, auth.log, and access.log files – whatever you set in config.
http://www.fail2ban.org/wiki/index.php/Main_Page
All you need to configure for fail2ban are jails
https://snippets.aktagon.com/snippets/554-how-to-secure-an-nginx-server-with-fail2ban
Here you will get the overview what to do. But the question is who uses that anymore?
Fail2ban cannot protect well not even their page (provided you in the upper link). The limitation is it cannot work well with IPv6 addresses.
So I guess you should consider some other firewall. This may be a good question for some other time.
Hope this helps.