Error "iptables no chain" on Host with iptables-legacy added (UNRAID Docker Host)

master
pixel::doc 2025-01-09 23:59:35 +01:00
parent 833618d40a
commit d2cdb0a196
1 changed files with 12 additions and 1 deletions

@ -38,4 +38,15 @@ enabled = true
With this configuration, any IP that is banned due to Apache will be placed in the `f2b-apache-auth` chain and that jump will be placed at the top of the `DOCKER-USER` chain. Likewise, any IP that is banned due to SSH or PAM will be placed in the `f2b-sshd` or `f2b-pam-generic` chains and that jump will be placed at the top of the `INPUT` chain. With this configuration, any IP that is banned due to Apache will be placed in the `f2b-apache-auth` chain and that jump will be placed at the top of the `DOCKER-USER` chain. Likewise, any IP that is banned due to SSH or PAM will be placed in the `f2b-sshd` or `f2b-pam-generic` chains and that jump will be placed at the top of the `INPUT` chain.
Now you are directly protecting the services in which the attack is occurring, rather than trying to manage an all-in-one solution that will either tax your system resources OR not really offer you the protection you want/need. Now you are directly protecting the services in which the attack is occurring, rather than trying to manage an all-in-one solution that will either tax your system resources OR not really offer you the protection you want/need.
# Error: "iptables: No chain/target/match by that name" with Docker Host using iptables-legacy
Check if the Docker Container and the Docker Host are using the same iptables Version. Run `iptables --version` on the Docker Host and in the Docker Container.
If the Docker Host is using iptables-legacy, than you need to change the banaction in your fail2ban.local
```ini
[DEFAULT]
banaction = iptables-multiport[iptables=iptables-legacy]
```
NOTE: UNRAID 6.12.14 as Docker Host is using `iptables v1.8.9 (legacy)` and the fail2ban 1.1.0 docker contain is using `iptables v1.8.10 (nf_tables)`.
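Review bot: the first added step asks the reader to check for "the same iptables Version", but going by the NOTE at the end of the hunk, what matters is the backend printed in parentheses by `iptables --version`, (legacy) versus (nf_tables), not the 1.8.9 versus 1.8.10 release numbers. Suggest rewording it to "Check that the Docker host and the Docker container use the same iptables backend (legacy or nf_tables)", so a reader does not stop at comparing release numbers. The following line names `fail2ban.local` as the file to change, but `banaction` under `[DEFAULT]` is a jail setting, which fail2ban reads from `jail.local` or a file under `jail.d/`; please confirm the file name against the jail configuration shown earlier in this document. Two typos in the added text: "than you need to change" should be "then you need to change", and "docker contain" in the NOTE should be "docker container".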