Hardened iptables config for use with Docker

Hey guys,

It seems from both my attempts at using Docker in production and now the Docker official documentation under the UFW section, it says your default needs to be permissive, not drop.

The question: what is a good base firewall config for a dynamic Docker environment? I want Docker to do its thing - I don't even use --iptables=false and it still doesn't work (in some circumstances) because of a default drop policy - and I guess Docker doesn't add enough rules to make it happen. If you doubt it I'll give you more details, but I'd just be interested to see a default permissive config with other good restrictions for a Docker-controlled web server. It's easy to miss things after all.
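One way to get a default-deny host without fighting dockerd, as an added example that is not from the original post or from Docker's own documentation: keep the DROP policy on INPUT (which only governs traffic addressed to the host itself), leave FORWARD entirely to Docker (dockerd sets its policy and adds the per-bridge ACCEPT rules that published ports rely on), and put restrictions on published container ports into the DOCKER-USER chain, which Docker evaluates before its own rules. The interface name, admin network, the port numbers and the dryrun backend are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): base iptables policy for a
# Docker host. INPUT is default-DROP for the host's own services, FORWARD is
# left to dockerd, and published-port restrictions live in a chain of our own
# that is reached via a single jump from Docker's DOCKER-USER chain.
# EXT_IF, ADMIN_NET and the port numbers below are assumed values.
set -eu

EXT_IF="${EXT_IF:-eth0}"                   # assumed external interface
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"   # assumed admin network (TEST-NET-3)
IPT="${IPT:-iptables}"                     # backend; set IPT=dryrun to print only

# Dry-run backend: reports every -C check as "rule absent" and prints the
# command that would be run, so the ruleset can be reviewed without root.
dryrun() {
    [ "$1" = "-C" ] && return 1
    echo "iptables $*"
}

# Append (or insert at the top) only if an identical rule is not already
# present, so the script is idempotent and safe to re-run after a dockerd
# restart. Never flushes INPUT or FORWARD, so Docker's own rules survive.
ensure() {
    chain=$1; shift
    "$IPT" -C "$chain" "$@" 2>/dev/null || "$IPT" -A "$chain" "$@"
}
ensure_first() {
    chain=$1; shift
    "$IPT" -C "$chain" "$@" 2>/dev/null || "$IPT" -I "$chain" "$@"
}

# Host-facing rules. Ports published by Docker are DNAT'd in PREROUTING and
# then traverse FORWARD, not INPUT, so a DROP policy here does not break them.
host_rules() {
    ensure INPUT -i lo -j ACCEPT
    ensure INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure INPUT -m conntrack --ctstate INVALID -j DROP
    ensure INPUT -p icmp -j ACCEPT
    ensure INPUT -i "$EXT_IF" -p tcp --dport 22 -s "$ADMIN_NET" -j ACCEPT
    # Set the policy last so an existing SSH session is never cut off
    # between "policy DROP" and "allow ESTABLISHED".
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT ACCEPT
}

# Published-port restrictions. Our own chain is rebuilt from scratch on every
# run (flush + append keeps the order readable); DOCKER-USER only gets one
# jump, inserted at the top so it precedes Docker's trailing RETURN.
docker_user_rules() {
    "$IPT" -N DOCKER-USER-RESTRICT 2>/dev/null || true
    "$IPT" -F DOCKER-USER-RESTRICT
    # Replies and anything not arriving on the external interface pass.
    "$IPT" -A DOCKER-USER-RESTRICT -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
    "$IPT" -A DOCKER-USER-RESTRICT ! -i "$EXT_IF" -j RETURN
    # By the time FORWARD is evaluated the packet has been DNAT'd to the
    # container port, so match the original destination port via conntrack.
    "$IPT" -A DOCKER-USER-RESTRICT -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j RETURN
    "$IPT" -A DOCKER-USER-RESTRICT -p tcp -m conntrack --ctorigdstport 443 --ctdir ORIGINAL -j RETURN
    # Admins may reach every published port; everyone else only 80/443.
    "$IPT" -A DOCKER-USER-RESTRICT -s "$ADMIN_NET" -j RETURN
    "$IPT" -A DOCKER-USER-RESTRICT -j DROP
    ensure_first DOCKER-USER -j DOCKER-USER-RESTRICT
}

apply_all() {
    host_rules
    docker_user_rules
}

# Usage: sh docker-fw.sh apply   (as root, with dockerd running so that the
#        DOCKER-USER chain exists)
#        sh docker-fw.sh dry     (print the commands without applying them)
case "${1:-}" in
    apply) apply_all ;;
    dry)   IPT=dryrun; apply_all ;;
esac
```

The point of the layout is that nothing here touches FORWARD or Docker's chains except for one checked insert into DOCKER-USER, so dockerd keeps working however often containers come and go. If you persist rules with iptables-restore instead, pass --noflush or restart dockerd afterwards, otherwise the restore wipes the chains Docker depends on.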