
What is the best practice of docker + ufw under Ubuntu

Yi-Chien Chang
1 month ago
Problem Description
I just tried out Docker. It is awesome but does not seem to work nicely with ufw. By default, docker will manipulate the iptables a little bit. The outcome is not a bug but not what I expected. For more details you can read [The dangers of UFW + Docker][1].

My goal is to set up a system like

    Host (running ufw) -> docker container 1 - nginx (as a reverse proxy)
                       -> docker container 2 - node web 1
                       -> docker container 3 - node web 2
                       -> .......

I want to manage the incoming traffic (e.g. restrict access) through ufw, therefore I don't want docker to touch my iptables.

Here is my test.

**Environment:**

- a newly installed Ubuntu 14.04 (kernel: 3.13.0-53)
- Docker 1.6.2
- ufw forwarding is enabled ([Enable UFW forwarding][2])
- `--iptables=false` was added to the Docker daemon.

**First Attempt**

    docker run --name ghost -v /home/xxxx/ghost_content:/var/lib/ghost -d ghost
    docker run --name nginx -p 80:80 -v /home/xxxx/nginx_site_enable:/etc/nginx/conf.d:ro --link ghost:ghost -d nginx

No luck. The first command is fine but the second command will throw an error

    Error response from daemon: Cannot start container

**Second Attempt**

Then I found this: [unable to link containers with --iptables=false #12701][3]

After running the following command, everything looks OK.

    sudo iptables -N DOCKER

However, I noticed that I cannot establish any outbound connections inside containers. For example:

    xxxxg@ubuntu:~$ sudo docker exec -t -i nginx /bin/bash
    root@b0d33f22d3f4:/# ping 74.125.21.147
    PING 74.125.21.147 (74.125.21.147): 56 data bytes
    ^C--- 74.125.21.147 ping statistics ---
    35 packets transmitted, 0 packets received, 100% packet loss
    root@b0d33f22d3f4:/#

If I remove `--iptables=false` from the Docker daemon, then the internet connection of containers will be back to normal but the ufw will not work 'properly' (well...by my definition).

So, what is the best practice of docker + ufw? Can anyone provide some help?

[1]: http://blog.viktorpetersson.com/post/101707677489/the-dangers-of-ufw-docker
[2]: https://docs.docker.com/installation/ubuntulinux/#enable-ufw-forwarding "Enable UFW forwarding"
[3]: https://github.com/docker/docker/issues/12701
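
The following is an added example, not part of the original question. With `--iptables=false` the Docker daemon no longer installs the NAT masquerade rule for its bridge subnet, which matches the lost outbound connectivity in the second attempt; this shell function audits `iptables-save` output for that rule and for the FORWARD policy. The function and sample names are hypothetical, the two dumps are constructed, and the subnet `172.17.0.0/16` (Docker's default bridge) is an assumption.

```shell
#!/bin/sh
# Added example. Assumption: Docker's default bridge subnet 172.17.0.0/16.

# audit_docker_egress SUBNET: reads `iptables-save` text on stdin, prints one
# finding per line, returns 0 only if container egress has what it needs.
audit_docker_egress() {
    awk -v subnet="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*nat", "*filter"
        table == "filter" && $1 == ":FORWARD" { fwd = $2 }  # chain policy
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" &&
            index($0, " -s " subnet " ") && /-j MASQUERADE/ { masq = 1 }
        END {
            if (!masq) print "MISSING: nat POSTROUTING MASQUERADE for " subnet
            if (fwd != "ACCEPT")
                print "CHECK: filter FORWARD policy is " (fwd == "" ? "unknown" : fwd)
            exit !(masq && fwd == "ACCEPT")
        }'
}

# Constructed dump: --iptables=false, DOCKER chain created by hand, no NAT rule.
sample_broken() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
EOF
}

# Constructed dump: same host with the masquerade rule present.
sample_fixed() {
    sample_broken | sed 's|^:POSTROUTING .*|&\
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE|'
}

# Live host: sudo iptables-save | audit_docker_egress 172.17.0.0/16
for s in sample_broken sample_fixed; do
    echo "== $s"
    $s | audit_docker_egress 172.17.0.0/16 || echo "-> container egress not ready"
done
```

If the rule is reported missing, it can be supplied from a `*nat` section in `/etc/ufw/before.rules`, so that ufw remains the only component writing the ruleset.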
