diff --git a/Dockerfile b/Dockerfile
index 5232a0f..1b1d552 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,7 @@ RUN \
   apk add --no-cache \
     fail2ban \
     gnupg \
+    iptables-legacy \
     memcached \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 56668e4..1e3c4e1 100755
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -27,6 +27,7 @@ RUN \
   apk add --no-cache \
     fail2ban \
     gnupg \
+    iptables-legacy \
     memcached \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
diff --git a/readme-vars.yml b/readme-vars.yml
index 840a664..33f75a2 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -141,6 +141,7 @@ app_setup_block: |
 # changelog
 changelogs:
   - { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
+  - { date: "01.07.24:", desc: "Fall back to iptables-legacy if iptables doesn't work." }
   - { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
   - { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
   - { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }
diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
index abd14b4..6022729 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
@@ -1,6 +1,15 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
+if ! iptables -L &> /dev/null; then
+  ln -sf /sbin/xtables-legacy-multi /sbin/iptables
+  ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save
+  ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore
+  ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables
+  ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-save
+  ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-restore
+fi
+
 # copy/update the fail2ban config defaults to/in /config
 cp -R /defaults/fail2ban/filter.d /config/fail2ban/
 cp -R /defaults/fail2ban/action.d /config/fail2ban/