Docker, stop messing with my iptables rules!
Let's say you are using Docker on a server reachable from the Internet. You already have an iptables-based firewall configured. Personally, I'm using uif, which is a very powerful Perl script available in Debian. Have a look at a config example.
To tell Docker to never make changes to your system's iptables rules, you have to set --iptables=false when the daemon starts.
For sysvinit- and upstart-based systems, you can edit /etc/default/docker. For systemd, you can do this:
mkdir -p /etc/systemd/system/docker.service.d
cat << EOF > /etc/systemd/system/docker.service.d/noiptables.conf
[Service]
# The empty ExecStart= clears the ExecStart inherited from the packaged unit;
# without it systemd rejects the drop-in, since a non-oneshot service may only have one ExecStart.
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// --iptables=false
EOF
systemctl daemon-reload
Now reload your firewall and restart the Docker daemon. You can see that the chain named DOCKER and the references to it in the FORWARD chain (policy DROP) are gone.
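To make the "did it work?" step repeatable, here is an added example script (not part of the original post or of Docker itself) that writes the systemd drop-in into a directory you choose and checks an iptables-save dump for Docker-managed chains. The two dumps embedded below are constructed samples in iptables-save format: the first shows the DOCKER chain and the FORWARD jump to it that Docker installs by default, the second is what you should see after the restart. The function names and the `--check` flag are my own. One caveat worth knowing before you flip the switch: with --iptables=false Docker also stops installing the MASQUERADE rule that gives containers outbound access and the DNAT rules behind `-p` port publishing, so the firewall config you reload must carry equivalents. Newer Docker releases also replace `docker daemon` with `dockerd`; the drop-in keeps the page's syntax.

```shell
#!/bin/sh
# Added example: generate the noiptables.conf drop-in and verify that no
# Docker-managed chain is left in an iptables-save dump.

# Write the drop-in below $1 (defaults to /etc/systemd/system).
write_dropin() {
  dir="${1:-/etc/systemd/system}/docker.service.d"
  mkdir -p "$dir"
  cat > "$dir/noiptables.conf" <<'EOF'
[Service]
# An empty ExecStart= clears the packaged unit's ExecStart first;
# systemd rejects a simple service with two ExecStart lines.
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// --iptables=false
EOF
}

# Return 0 when the dump in $1 contains neither a chain whose name starts
# with DOCKER nor a rule jumping to one; return 1 otherwise.
docker_chains_absent() {
  if printf '%s\n' "$1" | grep -Eq '^:DOCKER|-j DOCKER'; then
    return 1
  fi
  return 0
}

# Check the running kernel's tables (needs root); not called by default.
check_live() {
  docker_chains_absent "$(iptables-save)"
}

# Constructed sample: typical rules Docker adds when --iptables is left on.
BEFORE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT'

# Constructed sample: the same firewall after restarting with --iptables=false.
AFTER_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

if [ "${1:-}" = "--check" ]; then
  if check_live; then echo "live tables: no Docker chains"; else echo "live tables: Docker chains present"; fi
else
  if docker_chains_absent "$BEFORE_DUMP"; then echo "before: clean"; else echo "before: Docker chains present"; fi
  if docker_chains_absent "$AFTER_DUMP"; then echo "after: clean"; else echo "after: Docker chains present"; fi
fi
```

Run it without arguments to exercise the two sample dumps, or with `--check` as root to inspect the live tables after `systemctl restart docker`. The grep matches any chain starting with DOCKER, so it also catches the DOCKER-USER and DOCKER-ISOLATION chains that later Docker versions create.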