セントス6など前提で。
CAP_NET_ADMIN ケーパビリティを与える
$ docker run --cap-add=NET_ADMIN --rm -ti hoge_image /bin/bash
IPTABLES_MODULES_UNLOAD=no を /etc/sysconfig/iptables-config に書き込む
bash-4.1# echo 'IPTABLES_MODULES_UNLOAD=no' >> /etc/sysconfig/iptables-config
bash-4.1# service iptables stop
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
bash-4.1# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Serverspec のお供にどうぞ。Docker内ではスキップしてる人が多そうだが。