I'd like to restrict any network communications from inside a docker container.
I've seen these SO questions:
How to prevent code inside docker container from accessing the network?
Disable access to LAN from docker container
But modifications in iptables did not take any effect.
How could I specify the --icc=false option? I tried docker run --icc=false -t -i distr and docker does not understand the icc option. Should I specify it somewhere else?
Is there any solid method to disable networking? Like downing the docker0 interface and making sure it will not come up again?
The --icc=false flag is for the Docker daemon; it is applied system-wide, not to single containers.
I think specifying --net=none to the docker run command will do what you want; it won't connect the container to the Docker bridge, so the container will be unable to communicate with the outside world or other containers.
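
A way to apply and then verify the per-container setting from the answer above, as an added example that is not part of the original question or answer. The function names are hypothetical; the script uses only `docker run`, `docker ps -q` and `docker inspect --format`, and assumes the caller may talk to the Docker daemon.

```shell
#!/bin/sh
# Added example (not from the original post): start containers without
# networking and audit running containers for any that still have it.

# Start a container with no network attachment; inside it only the
# loopback interface exists. --net=none is the spelling used in the
# answer; current Docker also accepts --network none.
# Usage: run_isolated IMAGE [COMMAND...]
run_isolated() {
    docker run --rm --net=none "$@"
}

# Print "<network mode> <container name>" for one container ID.
netmode_of() {
    docker inspect --format '{{.HostConfig.NetworkMode}} {{.Name}}' "$1"
}

# Check every running container. Prints one "<mode> <name>" line for each
# container that is NOT in "none" mode (bridge, host, container:<id>, or a
# user-defined network). Returns 0 if all are isolated, 1 otherwise.
audit_network_isolation() {
    offenders=0
    for cid in $(docker ps -q); do
        # A container may exit between "ps" and "inspect"; skip it then.
        line=$(netmode_of "$cid") || continue
        case "$line" in
            "none "*) ;;    # isolated as intended
            *)
                echo "$line"
                offenders=$((offenders + 1))
                ;;
        esac
    done
    [ "$offenders" -eq 0 ]
}
```

Running `audit_network_isolation` from a periodic job reports any container that was started without `--net=none`, which `--icc=false` on the daemon would not catch because that flag only affects container-to-container traffic on the bridge.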