Hi,
When I run the Docker daemon with the icc=false and iptables=true parameters, the Docker daemon just adds the Docker network IPs to iptables. This is a big problem because rancher-agent does not add the castle IPs on the cluster nodes. For secure communication between the containers, it should work with these parameters. Otherwise the containers will be able to talk to each other.
Ref: https://benchmarks.cisecurity.org/en-us/?route=downloads.form.docker16.110
Section: 2.1 & 2.3