Question Fail2ban for Docker Containers

[Bogey]

I tried what you suggested earlier and it didn't work. Resolving the real IP isn't the problem, that works. I can see it in the log files and from that fail2ban creates the iptables rules. But then the actual blocking isn't happening. This is what iptables shows:

sudo iptables -S | grep f2b
-N f2b-nginx-proxy-manager
-A DOCKER -p tcp -j f2b-nginx-proxy-manager
-A f2b-nginx-proxy-manager -s 185.128.25.52/32 -j DROP
-A f2b-nginx-proxy-manager -j RETURN

From what I understand from iptables is that the package meets te INPUT chain table filter and the package should be dropped. But... it probably depends on what iptables is comparing it with, right? I mean, it's basically a "if X = Y then drop" question/command. So "if X = 185.128.25.52/32 then drop", clearly X isn't the real IP address (probably a CF address). I guess the real IP address is received from upstream but then not used for iptable rules. Then the penny dropped, and I can strike through all of the above, as CF is the one who makes the connection because... <drumroll, thank you one-eyed-king> this idiot (that's me just to be absolutely clear - lol) forgot to disable the proxy mode and switch to dns only... duh!
So regarding ban and block with fail2ban... long story short: if one is using CF as a proxy, use 'cloudflare' ban action. If one is using CF dns only then use 'iptables' action.