Fail2ban is installed as part of the target environment (Ubuntu); the container remains independent. However, to apply its filters, Fail2ban must have access to the container's log files.
The following example shows Fail2ban, the Docker host, and a container on an Ubuntu server with iptables. Fail2ban should monitor and protect SSH access to the Ubuntu server and HTTP access to the Docker container.
Fail2ban helps protect a server from brute-force and denial-of-service (DoS) attacks.
Fail2ban is written in Python.
Fail2ban analyzes the server's logs. When it detects several unsuccessful connection attempts, it carries out the actions you have defined, such as blocking the IP address or sending an alert email.
Fail2ban is based on a system of jails that can be configured, enabled, or disabled in a simple configuration file (/etc/fail2ban/jail.conf).
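A jail configuration for the setup described above (SSH on the host, HTTP in a container, iptables), as an added example that is not from the original page. It assumes the container runs nginx and that its log directory is bind-mounted on the host at the hypothetical path /var/log/docker-nginx; the thresholds are constructed sample values. It is written to /etc/fail2ban/jail.local, which overrides jail.conf and is not replaced on package upgrades.

```ini
# /etc/fail2ban/jail.local  (added example; values below are assumptions)

[DEFAULT]
# Constructed sample thresholds: 5 failures within 600 s => ban for 3600 s.
findtime = 600
maxretry = 5
bantime  = 3600

# --- SSH on the Ubuntu host -------------------------------------------
# Packets addressed to the host's own sshd traverse the INPUT chain,
# which is where the iptables ban actions insert rules by default.
[sshd]
enabled = true
port    = ssh

# --- HTTP served from the Docker container ----------------------------
[nginx-http-auth]
enabled   = true
port      = http,https
filter    = nginx-http-auth

# Fail2ban runs on the host, so it needs a host-side view of the
# container's log. Hypothetical path: the container's /var/log/nginx
# bind-mounted to /var/log/docker-nginx on the host.
logpath   = /var/log/docker-nginx/error.log

# Read the file directly even if the distribution default is journald.
backend   = auto

# The page's setup uses iptables; pin the action in case the
# distribution default is a different firewall backend.
banaction = iptables-multiport

# Published container ports are DNATed and forwarded, so they never hit
# INPUT. A ban left in the default chain would be logged by Fail2ban but
# would not stop traffic to the container. DOCKER-USER is the chain
# Docker reserves for user rules evaluated before its own.
chain     = DOCKER-USER
```

After `fail2ban-client reload`, `fail2ban-client status nginx-http-auth` shows the jail's monitored file and banned addresses, and `iptables -L DOCKER-USER -n` shows whether the jail's rule landed in the chain that container traffic actually crosses.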