https://bugzilla.redhat.com/show_bug.cgi?id=1036217
--- Comment #2 from Michael Young m.a.young@durham.ac.uk --- (In reply to Lokesh Mandvekar from comment #1)
Michael, can you check if the unit file here works for you? https://bugzilla.redhat.com/show_bug.cgi?id=1033606#c36
That doesn't work, but the modified version below does work (systemd wants full paths for commands, and adding - at the start of the command tells systemd not to treat failure of that command as a failure of the whole unit).
[Unit] Description=Docker container management daemon Wants=firewalld.service After=firewalld.service
[Service] Type=simple ExecStartPre=/usr/sbin/sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 ExecStart=/usr/bin/docker -d ExecStartPost=-/usr/bin/firewall-cmd --add-masquerade Restart=on-failure
[Install] WantedBy=multi-user.target