firewalld supports docker and handles all of its routing/changes. I've standardized on using it in my environment.