Having second thoughts about running all my containers rootless. Container network access logs now only show the container's bridge network ip address as opposed to external ip addresses with connection requests. Makes it hard to implement fail2ban.