diff --git a/src/freenas/etc/systemd/system/docker.service.d/override.conf b/src/freenas/etc/systemd/system/docker.service.d/override.conf
new file mode 100644
index 0000000000000..685a48799fa5f
--- /dev/null
+++ b/src/freenas/etc/systemd/system/docker.service.d/override.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPost=/bin/sh -c "iptables -P FORWARD ACCEPT"
diff --git a/src/middlewared/middlewared/etc_files/docker/daemon.json.py b/src/middlewared/middlewared/etc_files/docker/daemon.json.py
index 0aa88a6157d44..602c8f8254e82 100644
--- a/src/middlewared/middlewared/etc_files/docker/daemon.json.py
+++ b/src/middlewared/middlewared/etc_files/docker/daemon.json.py
@@ -20,7 +20,7 @@ def render(service, middleware):
     base = {
         'data-root': data_root,
         'exec-opts': ['native.cgroupdriver=cgroupfs'],
-        'iptables': True,  # FIXME: VMs connectivity would be broken
+        'iptables': True,
         'storage-driver': 'overlay2',
     }
     isolated = middleware.call_sync('system.advanced.config')['isolated_gpu_pci_ids']