After a long time fiddling around looking for the information I needed, I came across some links and hints that solved my problem. Perhaps
someone needs this clue:
Firstly, I have to mention that my container(s) sit within a QEMU host.
Secondly, in terms of having long IP blacklists due to fail2ban and other tools, it's hard to handle things with iptables at all anyway (performance!).
Since iptables 1.8 was released, which is built on top of nftables at the kernel level, things are much easier when deploying LXD containers, because it's not buggy if you have iptables and nftables loaded simultaneously. But it depends; try it at your own risk.
But for me it was the only
solution.
I removed iptables 1.6 with
apt remove --purge iptables
installed iptables 1.8.x from source instead,
installed nftables from source,
ran my nft -f firewallscript
and that was all, folks.
more on
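The post's own firewallscript isn't shown, so here is an added example (mine, not the poster's) of the kind of ruleset that addresses the performance point above: the long blacklist goes into one nftables set, so a single `ip saddr @blacklist` rule does an O(1) lookup instead of the kernel walking one iptables rule per address. It assumes an IPv4-only list with one address or CIDR per line (as fail2ban or a similar tool could export), and the file names, the table/chain names and the sample addresses are made up for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. It builds an nftables
# ruleset in which a long IP blacklist (for instance one exported from
# fail2ban) is kept in a single set, so one rule does the lookup instead of
# one rule per address. Assumptions: IPv4-only entries, one address or CIDR
# per line, '#' comments allowed; the file names below are made up.
set -eu

BLACKLIST="${BLACKLIST:-${TMPDIR:-/tmp}/blacklist.txt}"
RULESET="${RULESET:-${TMPDIR:-/tmp}/firewall.nft}"

# Constructed sample blacklist (documentation ranges, not real offenders).
write_sample_blacklist() {
    cat > "$BLACKLIST" <<'EOF'
# constructed sample list
203.0.113.5
198.51.100.0/24

192.0.2.77
EOF
}

# Turn the list file into set elements: skip blank and comment lines,
# indent them, and comma-separate without a trailing comma.
blacklist_elements() {
    awk 'NF && $1 !~ /^#/ {
             if (n++) printf ",\n"
             printf "            %s", $1
         }
         END { if (n) printf "\n" }' "$BLACKLIST"
}

# Write a ruleset suitable for `nft -f`. "flags interval" lets the set hold
# both single addresses and CIDR ranges; "@blacklist" references the set.
gen_ruleset() {
    {
        echo '#!/usr/sbin/nft -f'
        echo 'flush ruleset'
        echo 'table inet filter {'
        echo '    set blacklist {'
        echo '        type ipv4_addr'
        echo '        flags interval'
        echo '        elements = {'
        blacklist_elements
        echo '        }'
        echo '    }'
        echo '    chain input {'
        echo '        type filter hook input priority 0; policy accept;'
        echo '        iif lo accept'
        echo '        ct state established,related accept'
        echo '        ip saddr @blacklist counter drop'
        echo '    }'
        echo '}'
    } > "$RULESET"
}

# Syntax-check the generated file without loading it (nft -c). Loading it
# for real is `nft -f "$RULESET"`, as in the post. Needs nft installed and
# usually root, so it only runs when NFT_CHECK=1 is set.
check_ruleset() {
    if [ "${NFT_CHECK:-0}" = 1 ]; then
        nft -c -f "$RULESET"
    else
        echo "set NFT_CHECK=1 to syntax-check $RULESET with nft -c" >&2
    fi
}

write_sample_blacklist
gen_ruleset
check_ruleset
echo "ruleset written to $RULESET"
```

To update the set later without reloading the whole ruleset, `nft add element inet filter blacklist { 203.0.113.9 }` and `nft delete element ...` work on the live set; the generator above is only needed when the list is rebuilt from a file.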