Docker adds iptables rules when the daemon starts. When a sysadmin or firewall maintenance script flushes iptables, Docker stops working. The only way to get it working again is restarting the Docker daemon, which kills all the running containers. Trying to convince sysadmins to not flush the entire iptables almost never works. Trying to maintain the firewall rules myself seems complicated, brittle and doomed to fail.
I would love to see a command for writing the firewall rules that Docker writes on startup. It sounds (at least to me) like this would be trivial to add, as it wouldn’t require any new functionality. It would just be a command that allows users to manually run a routine that Docker currently runs automatically on startup.
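The failure described above can at least be detected before containers lose connectivity unnoticed. The following is an added example, not part of the original post and not Docker's own code: a check over `iptables-save` output that reports which tables no longer carry Docker's rules. It assumes Docker's default bridge networking, where a `DOCKER` chain exists in the `nat` and `filter` tables and is reached by a jump rule; the function name `docker_rule_gaps` is hypothetical and the sample rule sets are constructed.

```shell
# Added example (not Docker's code). Assumption: default bridge networking,
# where Docker declares a DOCKER chain in nat and filter and jumps to it.

# Reads `iptables-save` text on stdin (real host, as root: iptables-save | docker_rule_gaps).
# Prints nothing when both tables look intact, otherwise "table:chain-missing"
# (chain deleted, e.g. -F then -X) or "table:no-jump" (chain left unreachable, e.g. -F).
docker_rule_gaps() {
    awk '
        /^\*/       { table = substr($0, 2); next }   # "*nat" opens a table
        /^:DOCKER / { declared[table] = 1; next }     # exact name, not DOCKER-USER
        /^-A /      { for (i = 1; i < NF; i++)
                          if ($i == "-j" && $(i + 1) == "DOCKER") jumped[table] = 1 }
        END {
            n = split("nat filter", want, " ")
            for (k = 1; k <= n; k++) {
                t = want[k]
                if (!(t in declared))    out = out " " t ":chain-missing"
                else if (!(t in jumped)) out = out " " t ":no-jump"
            }
            sub(/^ /, "", out); print out
        }'
}

# Constructed iptables-save samples (trimmed), not captured from a real host.
SAMPLE_HEALTHY='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT'
SAMPLE_FLUSH_ONLY='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT'
SAMPLE_FLUSH_AND_DELETE='*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_FLUSH_ONLY" | docker_rule_gaps   # nat:no-jump filter:no-jump
```

Run from a monitoring job, a non-empty result tells you a flush has happened and the daemon's rules need to be restored.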