I am using the SWAG container with built-in fail2ban.
of course, I have fail2ban running on my server outside of Docker, too.
it seems like the instance running in the docker container is superfluous, since I can setup my outer instance to watch for failed login attempts on nginx in the log files.
then again, I remember that the interplay between the host OS iptables, the docker system, and the guest container networking can be quite complex.
e.g.: Docker and iptables | Docker Documentation
so, what is the relation between my host OS iptables and my container iptables?
can I setup my host OS fail2ban to watch for my SWAG nginx logs to accomplish the same results?
or, would the docker infrastructure mean that my host OS iptables are bypassed by docker, and thus disabling thefail2ban in the container would mean leaving my SWAG webserver open to brute force attacks?
if it is indeed safe to disable
fail2ban from the SWAG container, how should I do it to avoid wasting resources for unneeded services?