diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 2e475a85f..9f5bcb58f 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2989,6 +2989,8 @@ sub initialize_chain_table($) {
         }
     }
 
+    my $chainref;
+
     if ( $full ) {
         #
         # Create this chain early in case it is needed by Policy actions
@@ -2996,11 +2998,18 @@ sub initialize_chain_table($) {
         new_standard_chain 'reject';
 
         if ( $config{DOCKER} ) {
-            my $chainref = new_nat_chain( $globals{POSTROUTING} = 'SHOREWALL' );
+            $chainref = new_nat_chain( $globals{POSTROUTING} = 'SHOREWALL' );
             set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
         }
     }
 
+    if ( $config{DOCKER} ) {
+        $chainref = new_standard_chain( 'DOCKER' );
+        set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
+        $chainref = new_nat_chain( 'DOCKER' );
+        set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
+    }
+
     my $ruleref = transform_rule( $globals{LOGLIMIT} );
 
     $globals{iLOGLIMIT} =
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index bf09bf1af..186a283a9 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
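Review bot: The new `if ( $config{DOCKER} )` block at the end of the second hunk reuses one `$chainref` for two unrelated chains, which is what forced the first hunk to hoist `my $chainref;` out of the `if ( $full )` block; the same can be written without the shared temporary, in the style Misc.pm already uses for `logdrop`: `set_optflags( new_standard_chain( 'DOCKER' ), DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );` and `set_optflags( new_nat_chain( 'DOCKER' ), DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );`, which lets the original block-scoped declaration stand. The flag choice deserves a comment, since these chains are populated by Docker rather than by the compiler and the flags are what keep the optimizer and the reload logic from touching them, e.g. `# Docker owns these chains; never optimize, delete or move them`. Note also that the filter and nat DOCKER chains are created regardless of `$full`, while the SHOREWALL POSTROUTING chain just above is created only when `$full` is set; if that asymmetry is intended, a line saying why would help the next reader. initialize_chain_table continues outside this hunk.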
@@ -646,6 +646,26 @@ sub add_common_rules ( $ ) {
     my $level = $config{BLACKLIST_LOG_LEVEL};
     my $tag = $globals{BLACKLIST_LOG_TAG};
     my $rejectref = $filter_table->{reject};
+    #
+    # Insure that Docker jumps are early in the builtin chains
+    #
+    if ( $config{DOCKER} ) {
+        my $forwardref = $filter_table->{FORWARD};
+
+        add_ijump( $nat_table->{PREROUTING}, j => 'DOCKER', addrtype => '--dst-type LOCAL' );
+        add_ijump( $nat_table->{OUTPUT}, j => 'DOCKER', d => '127.0.0.0/8', addrtype => '--dst-type LOCAL' );
+
+        add_ijump_extended( $forwardref, j => 'DOCKER', $origin{DOCKER}, o => 'docker0' );
+
+        unless ( known_interface('docker0') ) {
+            #
+            # Emulate the Docker-generated rules
+            #
+            add_ijump_extended( $forwardref, j => 'ACCEPT', $origin{DOCKER}, o => 'docker0', conntrack => '--ctstate ESTABLISHED,RELATED' );
+            add_ijump_extended( $forwardref, j => 'ACCEPT', $origin{DOCKER}, i => 'docker0', o => '! docker0' );
+            add_ijump_extended( $forwardref, j => 'ACCEPT', $origin{DOCKER}, i => 'docker0', o => 'docker0' );
+        }
+    }
 
     if ( $config{DYNAMIC_BLACKLIST} ) {
         add_rule_pair( set_optflags( new_standard_chain( 'logdrop' ) , DONT_OPTIMIZE | DONT_DELETE ), '' , 'DROP' , $level , $tag);
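Review bot: The nat OUTPUT jump, `add_ijump( $nat_table->{OUTPUT}, j => 'DOCKER', d => '127.0.0.0/8', addrtype => '--dst-type LOCAL' )`, appears to have the destination test the wrong way round relative to the rule Docker itself installs, which is `! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER`; as written only loopback-destined packets reach the DOCKER chain, so locally originated connections to published ports would presumably never be redirected. If the intent is to mirror Docker, the argument should read `d => '! 127.0.0.0/8'`, the same negation form the hunk already uses for `o => '! docker0'`. The three emulated ACCEPT rules in the `unless ( known_interface('docker0') )` branch are inserted early in FORWARD ahead of the zone policies, so bridge traffic is accepted before any Shorewall rule is consulted; that is deliberate for Docker compatibility but should be stated, e.g. `# These ACCEPTs precede all zone policies: docker0 traffic is not filtered by Shorewall unless docker0 is declared as an interface`. The bridge name is hard-coded in six places; a single `my $bridge = 'docker0';` at the top of the block would keep a future configurable name a one-line change. add_common_rules begins and ends outside this hunk.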