diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 09f59e985..510165e0b 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -8071,9 +8071,16 @@ sub save_docker_rules($) {
 qq( $tool -t nat -S DOCKER | tail -n +2 > \$VARDIR/.nat_DOCKER),
 qq( $tool -t nat -S POSTROUTING | tail -n +2 | fgrep -v SHOREWALL > \$VARDIR/.nat_POSTROUTING),
 qq( $tool -t filter -S DOCKER | tail -n +2 > \$VARDIR/.filter_DOCKER),
- qq( [ -n "\$g_dockernetwork" ] && $tool -t filter -S DOCKER-ISOLATION | tail -n +2 > \$VARDIR/.filter_DOCKER-ISOLATION),
- qq( $tool -t filter -S FORWARD | grep '^-A FORWARD.*[io] br-[a-z0-9]\\{12\\}' > \$VARDIR/.filter_FORWARD),
- qq( [ -s \$VARDIR/.filter_FORWARD ] || rm -f \$VARDIR/.filter_FORWARD),
+ qq( [ -n "\$g_dockernetwork" ] && $tool -t filter -S DOCKER-ISOLATION | tail -n +2 > \$VARDIR/.filter_DOCKER-ISOLATION)
+ );
+
+ if ( known_interface( 'docker0' ) ) {
+ emit( qq( $tool -t filter -S FORWARD | grep '^-A FORWARD.*[io] br-[a-z0-9]\\{12\\}' > \$VARDIR/.filter_FORWARD) );
+ } else {
+ emit( qq( $tool -t filter -S FORWARD | egrep '^-A FORWARD.*[io] (docker0|br-[a-z0-9]{12})' > \$VARDIR/.filter_FORWARD) );
+ }
+
+ emit( qq( [ -s \$VARDIR/.filter_FORWARD ] || rm -f \$VARDIR/.filter_FORWARD),
 qq(else),
 qq( rm -f \$VARDIR/.nat_DOCKER),
 qq( rm -f \$VARDIR/.nat_POSTROUTING),
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 15a710012..67e14018c 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
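Review bot: The new else branch switches from `grep` to `egrep` while the sibling branch keeps `grep`; `egrep` is obsolescent in GNU grep (recent releases print a warning on stderr every time the generated script runs), so prefer the POSIX spelling: `emit( qq(    $tool -t filter -S FORWARD | grep -E '^-A FORWARD.*[io] (docker0|br-[a-z0-9]{12})' > \$VARDIR/.filter_FORWARD) );`. Both patterns are unanchored after the interface name, so an interface whose name merely begins with docker0 or with the br- bridge prefix would also be captured; appending `( |\$)` to the alternation restricts the match to a whole token. Note too that any administrator-added FORWARD rule naming docker0 is saved here and, presumably, restored together with Docker's own rules — worth a short comment at the `if ( known_interface( 'docker0' ) )` line if that is intended. The emit() call starting on the last added line, and save_docker_rules itself, continue outside the hunk.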
@@ -637,22 +637,7 @@ sub create_docker_rules() {
 add_commands( $chainref,
 '[ -n "$g_dockernetwork" ] && echo "-A FORWARD -j DOCKER-ISOLATION" >&3',
 );
- unless ( known_interface('docker0') ) {
- add_commands( $chainref, 'if [ -n "$g_docker" ]; then' );
- incr_cmd_level( $chainref );
- #
- # Emulate the Docker-generated rules
- #
- add_ijump_extended( $chainref, j => 'DOCKER', $origin{DOCKER}, o => 'docker0' );
- add_ijump_extended( $chainref, j => 'ACCEPT', $origin{DOCKER}, o => 'docker0', conntrack => '--ctstate ESTABLISHED,RELATED' );
- #
- # Docker creates two ACCEPT rules for traffic forwarded from docker0 -- one for routeback and one for the rest
- # We combine them into a single rule
- #
- add_ijump_extended( $chainref, j => 'ACCEPT', $origin{DOCKER}, i => 'docker0' );
- decr_cmd_level( $chainref );
- add_commands( $chainref, 'fi' );
- } else {
+ if ( known_interface('docker0') ) {
 add_commands( $filter_table->{FORWARD}, '[ -n "$g_docker" ] && echo "-A FORWARD -o docker0 -j DOCKER" >&3' );
 }
diff --git a/docs/Docker.xml b/docs/Docker.xml
index b48fe2601..92150c98e 100644
--- a/docs/Docker.xml
+++ b/docs/Docker.xml
@@ -63,9 +63,8 @@ url="manpages/shorewall-interfaces.html">shorewall-interfaces(8). As shown below, you can control inter-container communication using the and options. If docker0
- is not defined to Shorewall, then Shorewall will generate rules similar to
- those that Docker creates when --icc=true (Inter-container Communication)
- is specified on the Docker daemon runline.
+ is not defined to Shorewall, then Shorewall will save and restore the
+ FORWARD chain rules involving that interface.
 /etc/shorewall/shorewall.conf:
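Review bot: The remaining `if ( known_interface('docker0') )` has no else branch and no comment, so a reader of create_docker_rules can no longer tell why nothing is generated for docker0 when that interface is not defined to Shorewall; the removed block carried the only explanation (emulating Docker's FORWARD rules). Add a comment before the if, e.g. `# When docker0 is not defined to Shorewall, its FORWARD rules are saved and restored by save_docker_rules() rather than generated here`. It also looks as if a first start with no saved .filter_FORWARD file would leave docker0 without forwarding rules until Docker recreates them — worth confirming and, if so, stating in the same comment. create_docker_rules continues outside the hunk.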