If you added a simple banlist text file (just the IPs currently banned by Fail2Ban, in raw text) exposed on the web interface, routers like pfSense or OPNSense can read that and automatically firewall the IPs, meaning even when inside a docker container fail2ban can work meaningfully.