輸入 docker info 有看到一個警告

WARNING: bridge-nf-call-iptables is disabled

1. 修改 kernel 參數
nano /etc/sysctl.conf

加入下面三個參數

net.bridge.bridge-nf-call-ip6tables = 1 
net.bridge.bridge-nf-call-iptables = 1 
net.bridge.bridge-nf-call-arptables = 1
2. 使生效內核參數立即生效
sudo sysctl -p