Check /etc/default/docker to ensure it doesn’t have the following line:
DOCKER_OPTS="--iptables=false"
Also check /etc/docker/daemon.json to ensure it doesn’t have the following key:
{
"iptables":false
}
We added this on one server to get UFW working with docker. We then changed to an external firewall. Spent ages looking for the reason external networking wasn’t working because it was removed from our deploy guide. Hope this helps someone else.