2016-01-07 - networking inside docker

for some time now docker containers have had a whitelist of capabilities – i.e. they are not allowed to do certain things unless that is explicitly granted. a common case you can run into is setting up networking inside a container – say, a firewall. there is a lot of weird advice around, including running insecure containers! the answer is however very simple – just add the proper capability when starting your container:

docker run --cap-add=NET_ADMIN blabala...

and you're done!
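to confirm that the container really runs with NET_ADMIN (and nothing more than you granted), you can decode the CapEff bitmask from /proc/self/status. this is an added example, not part of the original post: the capability bit numbers come from linux/capability.h, and the two sample masks are constructed (docker's default set, and the same set with NET_ADMIN added).

```shell
#!/bin/sh
# Added example: decode the effective capability mask of a process and
# check for CAP_NET_ADMIN. Run inside the container started with
# "docker run --cap-add=NET_ADMIN ..." to verify the grant took effect.

# Capability bit numbers from linux/capability.h
CAP_NET_BIND_SERVICE=10
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# cap_bit_set HEXMASK BIT -> prints "yes" if BIT is set in HEXMASK, else "no"
cap_bit_set() {
    mask=$1
    bit=$2
    if [ $(( (0x$mask >> $bit) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# effective_caps [PID] -> hex CapEff mask of PID (default: the calling shell)
effective_caps() {
    awk '/^CapEff:/ {print $2}' "/proc/${1:-self}/status"
}

# Constructed sample masks (assumed values for illustration):
# docker's default capability set lacks bit 12 (NET_ADMIN) but has
# bit 13 (NET_RAW); adding NET_ADMIN sets bit 12 (+0x1000).
DEFAULT_DOCKER_CAPS=00000000a80425fb
WITH_NET_ADMIN_CAPS=00000000a80435fb

main() {
    caps=$(effective_caps)
    echo "CapEff=$caps" \
         "NET_ADMIN=$(cap_bit_set "$caps" $CAP_NET_ADMIN)" \
         "NET_RAW=$(cap_bit_set "$caps" $CAP_NET_RAW)" \
         "NET_BIND_SERVICE=$(cap_bit_set "$caps" $CAP_NET_BIND_SERVICE)"
}

# Only report when /proc is available (i.e. on Linux)
[ -r /proc/self/status ] && main
```

if NET_ADMIN prints "no" inside the container, the capability was not granted at `docker run` time and tools like iptables will keep failing with permission errors.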