trying to follow this tutorial, i was not able to get fail2ban to work in my setup, so here is a gist in case I forget.
sudo apt install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
edit your preferred defaults in here. e.g. bantime, ignoreip
volumes:
- /path/to/logs:/data/logs
[INCLUDES]
[Definition]
failregex = ^<HOST>.+" (4\d\d|3\d\d) (\d\d\d|\d) .+$
^.+ 4\d\d \d\d\d - .+ \[Client <HOST>\] \[Length .+\] ".+" .+$
#https://www.the-lazy-dev.com/en/install-fail2ban-with-docker/
[Definition]
actionstart = iptables -N f2b-npm-docker
iptables -A f2b-npm-docker -j RETURN
iptables -I FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker
actionstop = iptables -D FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker
iptables -F f2b-npm-docker
iptables -X f2b-npm-docker
actioncheck = iptables -n -L FORWARD | grep -q 'f2b-npm-docker[ \t]'
actionban = iptables -I f2b-npm-docker -s <ip> -j DROP
actionunban = iptables -D f2b-npm-docker -s <ip> -j DROP
[npm]
enabled = true
chain=INPUT
maxretry = 3
bantime = 48h
findtime = 60m
logpath = /path/to/logs/default-host_*.log
/path/to/logs/proxy-host-*.log
action = docker-action
Since docker is already using iptables to manipulate access to the system, you might try using the DOCKER-USER chain.