====== 2016-01-07 - networking inside docker ======

for some time now docker containers have had a whitelist of capabilities -- i.e. they are not allowed to do certain things unless explicitly permitted. a common case you can run into is setting up networking inside a container -- say a firewall. there is a lot of weird advice out there, including running insecure containers! the answer to this is however very simple -- just add the proper capability when starting your container:

  docker run --cap-add=NET_ADMIN blabala...

and you're done!
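
to confirm from inside the container that the flag took effect, and that nothing broader was granted, you can decode the effective capability mask (CapEff) in /proc/self/status. this is an added example, not part of the original post: the function names and sample masks are constructed for illustration, and treating CAP_SYS_ADMIN as the marker of a "too broad" grant is an assumption.

```shell
#!/bin/sh
# Added example: decode a Linux capability mask and test for CAP_NET_ADMIN.
# Bit numbers come from linux/capability.h.
CAP_NET_ADMIN=12
CAP_SYS_ADMIN=21   # assumption: used here as the sign of an over-broad grant

# cap_in_mask HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# current_capeff -> prints the effective capability mask of this process
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# classify HEXMASK -> prints one of: missing, granted, granted_too_broad
classify() {
    if ! cap_in_mask "$1" "$CAP_NET_ADMIN"; then
        echo missing              # firewall setup will fail with EPERM
    elif cap_in_mask "$1" "$CAP_SYS_ADMIN"; then
        echo granted_too_broad    # far more than the firewall needs
    else
        echo granted              # what --cap-add=NET_ADMIN should give
    fi
}

# Constructed sample masks (not captured from a real host):
#   00000000a80425fb  default capability set, no NET_ADMIN
#   00000000a80435fb  same set plus bit 12 (NET_ADMIN)
#   0000003fffffffff  every capability bit set
for mask in 00000000a80425fb 00000000a80435fb 0000003fffffffff; do
    echo "$mask -> $(classify "$mask")"
done

# Report on the process actually running this script, when /proc is available.
if [ -r /proc/self/status ]; then
    echo "this process -> $(classify "$(current_capeff)")"
fi
```
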