diff --git a/Dockerfile b/Dockerfile
index aa23a01..dee053b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,8 +24,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 ipset \
 curl \
 jq \
- && update-alternatives --set iptables /usr/sbin/iptables-legacy \
- && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
 && rm -rf /var/lib/apt/lists/* \
 # Remove debian default jail (enables sshd which has no log file in container)
 && rm -f /etc/fail2ban/jail.d/defaults-debian.conf
diff --git a/fail2ban/action.d/docker-npm.conf b/fail2ban/action.d/docker-npm.conf
index c933065..5382abe 100644
--- a/fail2ban/action.d/docker-npm.conf
+++ b/fail2ban/action.d/docker-npm.conf
@@ -6,10 +6,10 @@
 # (requires xt_string kernel module on the host: modprobe xt_string)
 # 3. INPUT: blocks direct connections to host services

-actionban = iptables -I DOCKER-USER -s -j DROP
- iptables -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: ' -j DROP 2>/dev/null || true
- iptables -A INPUT -s -j DROP
+actionban = iptables-nft -I DOCKER-USER -s -j DROP
+ iptables-nft -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: ' -j DROP 2>/dev/null || true
+ iptables-nft -A INPUT -s -j DROP

-actionunban = iptables -D DOCKER-USER -s -j DROP || true
- iptables -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: ' -j DROP 2>/dev/null || true
- iptables -D INPUT -s -j DROP || true
+actionunban = iptables-nft -D DOCKER-USER -s -j DROP || true
+ iptables-nft -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: ' -j DROP 2>/dev/null || true
+ iptables-nft -D INPUT -s -j DROP || true
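Review bot: The string-match rule in `actionban` still ends in `2>/dev/null || true`, so if that match cannot be installed through the nft backend (the header comment says it needs `xt_string` on the host) the ban is recorded as applied while traffic carrying the banned address in `X-Forwarded-For` is presumably still forwarded. Because this commit changes the backend the rule is loaded through, I would keep `|| true` if the rule is meant to be best-effort but drop `2>/dev/null` so the error is not discarded. I would also add a comment above `actionban` along the lines of `# rules go into the nft ruleset; the host's Docker must manage DOCKER-USER there too`. The binary name is now repeated in six commands; defining it once as an `[Init]` option (`iptables = iptables-nft`) and referencing that option in each rule would let a host on the legacy backend override it without editing the action. The INPUT rule is appended with `-A` while the DOCKER-USER rules are inserted with `-I`, so an earlier ACCEPT in INPUT would win over the ban; `-I INPUT` would match the other two rules.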