koalamon/gist:6aa0e909a555381fc4372ae8bc85cd4f

## gistfile1.txt
worker1:~# iptables -L -n -v
Chain INPUT (policy ACCEPT 25644 packets, 3863K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  12M 6499M DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0
5951K 6034M DOCKER     all  --  *      br-6949f407ee1d  0.0.0.0/0            0.0.0.0/0
5946K 6034M ACCEPT     all  --  *      br-6949f407ee1d  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
5674K  465M ACCEPT     all  --  br-6949f407ee1d !br-6949f407ee1d  0.0.0.0/0            0.0.0.0/0
 4605  299K ACCEPT     all  --  br-6949f407ee1d br-6949f407ee1d  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     tcp  --  enp2s0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:27017 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 26646 packets, 7773K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-6949f407ee1d br-6949f407ee1d  0.0.0.0/0            172.18.0.3           tcp dpt:4444
   28  1643 ACCEPT     tcp  --  !br-6949f407ee1d br-6949f407ee1d  0.0.0.0/0            172.18.0.4           tcp dpt:27017

Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  br-6949f407ee1d docker0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  docker0 br-6949f407ee1d  0.0.0.0/0            0.0.0.0/0
  12M 6499M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
	worker1:~# iptables -L -n -v
	Chain INPUT (policy ACCEPT 25644 packets, 3863K bytes)
	pkts bytes target prot opt in out source destination

	Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
	pkts bytes target prot opt in out source destination
	12M 6499M DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
	0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
	0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
	0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
	0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
	5951K 6034M DOCKER all -- * br-6949f407ee1d 0.0.0.0/0 0.0.0.0/0
	5946K 6034M ACCEPT all -- * br-6949f407ee1d 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
	5674K 465M ACCEPT all -- br-6949f407ee1d !br-6949f407ee1d 0.0.0.0/0 0.0.0.0/0
	4605 299K ACCEPT all -- br-6949f407ee1d br-6949f407ee1d 0.0.0.0/0 0.0.0.0/0
	0 0 REJECT tcp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:27017 reject-with icmp-port-unreachable

	Chain OUTPUT (policy ACCEPT 26646 packets, 7773K bytes)
	pkts bytes target prot opt in out source destination

	Chain DOCKER (2 references)
	pkts bytes target prot opt in out source destination
	0 0 ACCEPT tcp -- !br-6949f407ee1d br-6949f407ee1d 0.0.0.0/0 172.18.0.3 tcp dpt:4444
	28 1643 ACCEPT tcp -- !br-6949f407ee1d br-6949f407ee1d 0.0.0.0/0 172.18.0.4 tcp dpt:27017

	Chain DOCKER-ISOLATION (1 references)
	pkts bytes target prot opt in out source destination
	0 0 DROP all -- br-6949f407ee1d docker0 0.0.0.0/0 0.0.0.0/0
	0 0 DROP all -- docker0 br-6949f407ee1d 0.0.0.0/0 0.0.0.0/0
	12M 6499M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0