By default, Docker performs most of the netfilter configuration for you. It takes care of things such as publishing ports and outbound masquerading, as well as allows you to block or allow ICC. However, this is all optional and you can tell Docker not to modify or add to any of your existing iptables rules. If you do this, you'll need to generate your own rules to provide similar functionality. This may be appealing to you if you're already using iptables rules extensively and don't want Docker to automatically make changes to your configuration. In this recipe we'll discuss how to disable automatic iptables rule generation for Docker and show you how to manually create similar rules.