Using Fail2Ban with dockerized Gitea

Hello everyone,
I have set up a rootless docker container for gitea, and it is working great so far. I got fail2ban running on my host machine and I want to use it to moderate failed logins on gitea.

When checking the /data/log/gitea.log file however, ip’s originate from the local bridge address.

2020/02/12 16:50:31 routers/user/auth.go:171:SignInPost() [I] Failed authentication attempt for someuser from

How can I set up the instance in a way, that incoming ip’s are not masqueraded?


This can currently not be achieved for CentOS8 and docker rootless, since masquerade settings in docker are ignored due to a long lasting bug. Therefor not gitea related.