Install Docker

Follow https://docs.docker.com/engine/install/centos/#install-docker-engine

Install Docker Compose

Follow https://docs.docker.com/compose/install/#install-compose

Setup Firewall

From https://serverfault.com/a/994704

1) Check what interface docker is using, e.g. 'docker0'

ip link show

2) Check available firewalld zones, e.g. 'public'

sudo firewall-cmd --get-active-zones

3) Check what zone the docker interface it bound to, most likely 'no zone' yet

sudo firewall-cmd --get-zone-of-interface=docker0

4) So add the 'docker0' interface to the 'public' zone. Changes will be visible only after firewalld reload

sudo nmcli connection modify docker0 connection.zone public

5) Masquerading allows for docker ingress and egress (this is the juicy bit)

sudo firewall-cmd --zone=public --add-masquerade --permanent

6) Reload firewalld and dockerd

sudo firewall-cmd --reload
sudo systemctl restart docker

7) Test ping and DNS works:

docker run busybox ping -c 1 8.8.8.8
docker run busybox ping -c 1 vinrobot.net
docker run busybox cat /etc/resolv.conf