"iptables | grep -q ...": inconsistent return codes, CLI fails, cronjob works

Hi
can someone explain the following or reproduce it (may replace banIP with another existing chain name)?
Both commands should return "0". This fails on CLI on my system.

set -o pipefail && if { /usr/sbin/iptables-save | grep -q " banIP "; }; then echo $?; fi
# Result: 0 (as cronjob) | <no output> (via CLI)

set -o pipefail && { /usr/sbin/iptables-save | grep -q " banIP "; }; echo $?
# Result: 0 (as cronjob) | 141 (via CLI)
  • behaviour is the same with /usr/sbin/iptables -S instead of iptables-save
  • it works when /usr/sbin/iptables-save is dumped to an intermediate file, which then is cat'ed to pipe+grep (to match the pipe scenario above)
  • /usr/sbin/iptables -S "banIP" > /dev/null; without pipe+grep works

Thanks a lot in advance!

System:

::: banIP runtime information
  + status          : enabled
  + version         : 0.7.10
  + ipset_info      : 11 IPSets with 42708 IPs/Prefixes
  + active_sources  : blacklist, darklist, debl, doh, feodo, greensnow, iblockspy, sslbl, threat, tor, whitelist
  + active_devs     : wan
  + active_ifaces   : wan
  + active_logterms : dropbear, sshd, luci, nginx
  + active_subnets  : 192.168.2.103/24
  + run_infos       : settype: src+dst, backup_dir: /x/x/banIP-backup, report_dir: /x/x/banIP-report
  + run_flags       : protocols (4/6): ✔/✘, log (src/dst): ✘/✘, monitor: ✔, mail: ✔, whitelist only: ✘
  + last_run        : refresh, 0m 8s, 252/100/119, 07.03.2022 16:04:00
  + system          : MikroTik RouterBOARD 750Gr3, OpenWrt 21.02.1 r16325-88151b8303

Corresponding issue on github/banip