diff --git a/README.md b/README.md
index 6359958..a257873 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,8 @@ None
 - `fail2ban_mta`: [default: `sendmail`]: Email action
 - `fail2ban_protocol`: [default: `tcp`]: Sets the default protocol
 - `fail2ban_chain`: [default: `INPUT`]: Specifies the chain where jumps would need to be added in iptables-* actions
-- `fail2ban_action`: [default: `action_`]: Default action
+- `fail2ban_action`: [default: `%(action_)s`]: Default action.  **Note that variables (including the actions defined elsewhere in the config files) must be wrapped in python-style `%(` and `)s` so they are expanded**
 - `fail2ban_sendername`: [default: `Fail2ban`]: The 'from' name for emails sent by mta actions.  NB: Use `fail2ban_sender` to set the 'from' email address.
-
 - `fail2ban_sender`: [optional]: The 'from' address for emails sent by mta actions.
 - `fail2ban_filterd_path`: [optional]: Path to directory containing filters to copy (**note the trailing slash**)
 - `fail2ban_actiond_path`: [optional]: Path to directory containing actions to copy (**note the trailing slash**)
@@ -46,7 +45,7 @@ fail2ban_services:
     logpath: /var/log/auth.log
     maxretry: 6
     protocol: tcp                 (optional)
-    action: action_               (optional)
+    action: %(action_)s           (optional)
     banaction: iptables-multiport (optional)
     bantime: 600                  (optional)
     findtime: 600                 (optional)
diff --git a/defaults/main.yml b/defaults/main.yml
index 84c0e9c..d5a63ac 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -21,7 +21,7 @@ fail2ban_banaction: iptables-multiport
 fail2ban_mta: sendmail
 fail2ban_protocol: tcp
 fail2ban_chain: INPUT
-fail2ban_action: action_
+fail2ban_action: '%(action_)s'
 
 fail2ban_services:
   - name: ssh
diff --git a/templates/etc/fail2ban/jail.local.j2 b/templates/etc/fail2ban/jail.local.j2
index 961af39..d11925f 100644
--- a/templates/etc/fail2ban/jail.local.j2
+++ b/templates/etc/fail2ban/jail.local.j2
@@ -83,7 +83,7 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
 # Choose default action.  To change, just override value of 'action' with the
 # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
 # globally (section [DEFAULT]) or per specific section
-action = %({{ fail2ban_action }})s
+action = {{ fail2ban_action }}
 
 #
 # JAILS
@@ -119,7 +119,7 @@ findtime = {{ service.findtime }}
 bantime = {{ service.bantime }}
 {% endif %}
 {% if service.action is defined %}
-action = %({{ service.action }})s
+action = {{ service.action }}
 {% endif %}
 {% if service.banaction is defined %}
 banaction = {{ service.banaction }}