Letsencrypt container, net_admin and UFW

Using Ubuntu 18.04 on a cloud instance.

I have been toying around with the idea of running a Pihole container in the cloud. It’s a very bad idea to run a DNS resolver publicly, so I want to limit access to only my home IP.

This is trivial to do with UFW, just add the port and IP and add the rule. But Docker and UFW don’t play well with each other, as Docker will just overrule the UFW rule and publish port 53 publicly. I don’t want that, so I researched around to curb this behaviour. Found this solution:

This stops Docker from interfering with iptables, but keeps all other connections healthy.

This leads me to my question, because the lsio letsencrypt container I use uses net_admin to enable fail2ban usage in iptables.

Am I correct in stating that using the above solution will cripple the fail2ban feature in the container?
Will I be able to just apt fail2ban on the system and have the same functionality?
Or should I just learn another firewall?

For anyone running into a similar problem, I found this (better) solution:

You have to use ufw route instead of the usual commands because we are using ufw-user-forward.