Add note about blocking connections in docker environment

Troubleshooting.md

@@ -37,6 +37,18 @@ If you find and fix your error then reload fail2ban using:<br/>
 `?sudo? service fail2ban restart`<br/>
 Please note: all banned IPs will be unbanned and banned again after restart.<br/>
 
+***
+**[Q]** I'm trying to block connections on a service hosted in a docker container. Fail2ban logs says it has banned some IPs, but I still see some connections from banned adresses in the service logs?<br/>
+**[A]** fail2ban uses the INPUT iptables chain by default to block incoming traffic for the local server. docker uses FORWARD chain to send traffic to your containers, so the rules in the INPUT chain will have no effect. You need to change the default iptables chain to DOCKER-USER (which is called by FORWARD chain) in your jail config file, so that the blocking rule can block traffic destinated to services hosted in docker containers:
+
+```
+[FILTERNAME]
+enabled = true
+chain = DOCKER-USER
+```
+See [#2292](https://github.com/fail2ban/fail2ban/issues/2292) for more details.
+
+
 **For Heavy Debugging Users**<br/>
 You can run the Fail2Ban-Client in a very verbose mode using the following commands which will show you all output when Fail2Ban is loading, this is also a useful method for tracing errors in jails, filters and actions.<br/><br/> 
 Stop the Failban Server by running<br/>