Hey. Yes, one can expect, that people know which firewall they use, but not that fail2ban rather silently switches from previously iptables to nftables. Especially also as fail2ban seems to fail silently (I'm mean it's in the logs, but one cannot really expect people to read them without reason).
What I'd recommend is adding a NEWS.Debian entry (for the next version, not the past one where the change was made) and probably a release notes entry, probably also detailing how they could switch back. I'd definitively not depend on nftables, ... if people still set their stuff up via iptables, that might break even more things. Cheers, Chris.
