I am using the SWAG container with built-in fail2ban.
Of course, I have fail2ban running on my server outside of Docker, too.
It seems like the instance running in the Docker container is superfluous, since I can set up my outer instance to watch for failed login attempts on nginx in the log files.
Then again, I remember that the interplay between the host OS iptables, the Docker system, and the guest container networking can be quite complex.
e.g.: Docker and iptables | Docker Documentation
So, what is the relation between my host OS iptables and my container iptables?
Can I set up my host OS fail2ban to watch for my SWAG nginx logs to accomplish the same results?
Or, would the Docker infrastructure mean that my host OS iptables are bypassed by Docker, and thus disabling the fail2ban in the container would mean leaving my SWAG webserver open to brute force attacks?
If it is indeed safe to disable fail2ban from the SWAG container, how should I do it to avoid wasting resources for unneeded services?
Sure, but what I mean is that I know that the interplay between the host iptables and Docker is tricky.
Are you sure that adding rules to the INPUT chain, which is the classic fail2ban iptables’ ban action, is sufficient to protect the Docker container?
Maybe I should ban malicious IPs in the DOCKER-USER chain, instead?
This is the bulk of my question – before disabling fail2ban on the guest, I want to make sure it is working as expected on the host.
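
One way to check the INPUT versus DOCKER-USER question on a host, as an added example that is not part of the original thread: the script below reads `iptables-save` output and reports, for each fail2ban chain, whether it is hooked from INPUT or from the FORWARD path (which includes DOCKER-USER, the chain Docker's documentation reserves for user rules that must run before Docker's own forwarding rules). The chain names, ports and IP addresses in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed `iptables-save -t filter` excerpt; chain names and IPs are made up.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:DOCKER-USER - [0:0]
:f2b-sshd - [0:0]
:f2b-nginx-http-auth - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -p tcp -m multiport --dports 80,443 -j f2b-nginx-http-auth
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-nginx-http-auth -s 198.51.100.23/32 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
RULE = re.compile(r"^-A (\S+) (?:.*? )?-[jg] (\S+)")

def fail2ban_coverage(save_text):
    """Per f2b-* chain: which built-in chains reach it, and which sources it bans."""
    jumps, bans = defaultdict(set), defaultdict(list)
    for line in save_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        chain, target = m.groups()
        jumps[chain].add(target)
        src = re.search(r" -s (\S+)", line)
        if chain.startswith("f2b-") and src and target in ("REJECT", "DROP"):
            bans[chain].append(src.group(1))

    def reachable(start):  # every chain reachable by jumps from `start`
        seen, todo = set(), [start]
        while todo:
            for nxt in jumps.get(todo.pop(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return seen

    # INPUT sees traffic addressed to the host itself; traffic DNATed to a
    # published container port is routed through FORWARD (and DOCKER-USER).
    hooks = {h: reachable(h) for h in ("INPUT", "FORWARD")}
    f2b = sorted(c for c in set(jumps) | set().union(*jumps.values()) if c.startswith("f2b-"))
    return {c: {"hooks": [h for h in hooks if c in hooks[h]], "bans": bans[c]} for c in f2b}

if __name__ == "__main__":
    print(fail2ban_coverage(SAMPLE))
```

On a real host, pass it the output of `iptables-save -t filter` (run as root); a jail whose `hooks` list contains only `INPUT` is not filtering traffic forwarded to the container's published ports.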