diff --git a/utils/docker-ce/Makefile b/utils/docker-ce/Makefile
index 1d5e0a5d9..44881e5cb 100644
--- a/utils/docker-ce/Makefile
+++ b/utils/docker-ce/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=docker-ce
 PKG_VERSION:=19.03.12
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
diff --git a/utils/docker-ce/files/dockerd.init b/utils/docker-ce/files/dockerd.init
index 40e7b76b9..464e3c6f4 100644
--- a/utils/docker-ce/files/dockerd.init
+++ b/utils/docker-ce/files/dockerd.init
@@ -3,14 +3,101 @@
 USE_PROCD=1
 START=25
+EXTRA_COMMANDS="uciadd ucidel"
+EXTRA_HELP="\
+ uciadd Add default bridge configuration to network and firewall uci config
+ ucidel Delete default bridge configuration from network and firewall uci config"
+
 DOCKERD_CONF="/tmp/dockerd/daemon.json"
+uci_quiet() {
+ uci -q ${@} >/dev/null
+}
+
 json_add_array_string() {
 json_add_string "" "$1"
 }
+boot() {
+ uciadd
+ rc_procd start_service
+}
+
+uciupdate() {
+ local net="$1"
+
+ uci -q get network.docker >/dev/null || {
+ logger -t "dockerd-init" -p warn "No network uci config section for docker default bridge (docker0) found"
+ return
+ }
+
+ [ -z "$net" ] && {
+ logger -t "dockerd-init" -p notice "Removing network uci config options for docker default bridge (docker0)"
+ uci_quiet delete network.docker.netmask
+ uci_quiet delete network.docker.ipaddr
+ uci_quiet commit network
+ return
+ }
+
+ eval "$(ipcalc.sh "$net")"
+ logger -t "dockerd-init" -p notice "Updating network uci config option \"$net\" for docker default bridge (docker0)"
+ uci_quiet set network.docker.netmask="$NETMASK"
+ uci_quiet set network.docker.ipaddr="$IP"
+ uci_quiet commit network
+}
+
+uciadd() {
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ # Add network interface
+ if ! uci -q get network.docker >/dev/null; then
+ logger -t "dockerd-init" -p notice "Adding docker default bridge to network uci config (docker0)"
+ uci_quiet add network interface
+ uci_quiet rename network.@interface[-1]="docker"
+ uci_quiet set network.docker.ifname="docker0"
+ uci_quiet set network.docker.proto="static"
+ uci_quiet set network.docker.auto="0"
+ uci_quiet commit network
+ fi
+
+ # Add firewall zone
+ if ! uci -q get firewall.docker >/dev/null; then
+ logger -t "dockerd-init" -p notice "Adding docker default bridge firewall zone (docker0)"
+ uci_quiet add firewall zone
+ uci_quiet rename firewall.@zone[-1]="docker"
+ uci_quiet set firewall.docker.network="docker"
+ uci_quiet set firewall.docker.input="REJECT"
+ uci_quiet set firewall.docker.output="ACCEPT"
+ uci_quiet set firewall.docker.forward="REJECT"
+ uci_quiet set firewall.docker.name="docker"
+ uci_quiet commit firewall
+ fi
+
+ reload_config
+}
+
+ucidel() {
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ logger -t "dockerd-init" -p notice "Deleting docker default bridge network from network uci config (docker0)"
+ uci_quiet delete network.docker
+ uci_quiet commit network
+
+ logger -t "dockerd-init" -p notice "Deleting docker default bridge firewall zone from firewall uci config (docker0)"
+ uci_quiet delete firewall.docker
+ uci_quiet commit firewall
+
+ reload_config
+}
+
 process_config() {
- local alt_config_file data_root log_level
+ local alt_config_file data_root log_level bip
 rm -f "$DOCKERD_CONF"
@@ -30,17 +117,24 @@ process_config() {
 config_get data_root globals data_root "/opt/docker/"
 config_get log_level globals log_level "warn"
+ config_get bip globals bip ""
 . /usr/share/libubox/jshn.sh
 json_init
 json_add_string "data-root" "$data_root"
 json_add_string "log-level" "$log_level"
+ [ -z "$bip" ] || json_add_string "bip" "$bip"
 json_add_array "registry-mirrors"
- config_list_foreach globals registry_mirror json_add_array_string
+ config_list_foreach globals registry_mirrors json_add_array_string
+ json_close_array
+ json_add_array "hosts"
+ config_list_foreach globals hosts json_add_array_string
 json_close_array
 mkdir -p /tmp/dockerd
 json_dump > "$DOCKERD_CONF"
+
+ uciupdate "$bip"
 }
 start_service() {
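Review bot: In `uciupdate`, the output of `ipcalc.sh "$net"` goes straight into `eval`, and `$IP` and `$NETMASK` are then committed to `network.docker` with no check that `bip` was a well-formed CIDR or that the helper set both values. A malformed `bip` would likely end up in the network config as empty or stale values; declaring `local IP NETMASK` before the `eval` and adding `[ -n "$IP" ] && [ -n "$NETMASK" ] || return 1` after it would stop that. `uci_quiet` expands `${@}` unquoted, so any argument containing whitespace is re-split; `uci -q "$@" >/dev/null` keeps each argument intact. In `uciadd` and `ucidel` the refusal path prints "Please stop dockerd service first" and then runs `exit 0`, which reports success to the caller; a non-zero status would let scripts see that nothing was changed.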
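Review bot: The new `hosts` list is copied into daemon.json exactly as configured, so a `tcp://` entry makes dockerd expose its API on the network, and nothing in this hunk sets or requires the TLS options. Access to that API is equivalent to root on the host, so the list callback for `hosts` should at least log such entries, e.g. `case "$1" in tcp://*) logger -t "dockerd-init" -p warn "dockerd API listener $1 is reachable over TCP" ;; esac`. The lookup key also changes from `registry_mirror` to `registry_mirrors` with no fallback, so existing configs that still use the old list name will presumably lose their mirrors without any message. `process_config` begins above this hunk and continues below it.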
@@ -77,19 +171,25 @@ ip4tables_remove_nat() {
 }
 ip4tables_remove_filter() {
- iptables -t filter -D FORWARD -j DOCKER-USER
+ # Chain DOCKER-USER is only present,
+ # if bip option is NOT set, so >/dev/null 2>&1
+ iptables -t filter -D FORWARD -j DOCKER-USER >/dev/null 2>&1
 iptables -t filter -D FORWARD -j DOCKER-ISOLATION-STAGE-1
 iptables -t filter -D FORWARD -o docker0 -j DOCKER
 iptables -t filter -F DOCKER
 iptables -t filter -F DOCKER-ISOLATION-STAGE-1
 iptables -t filter -F DOCKER-ISOLATION-STAGE-2
- iptables -t filter -F DOCKER-USER
+ # Chain DOCKER-USER is only present,
+ # if bip option is NOT set, so >/dev/null 2>&1
+ iptables -t filter -F DOCKER-USER >/dev/null 2>&1
 iptables -t filter -X DOCKER
 iptables -t filter -X DOCKER-ISOLATION-STAGE-1
 iptables -t filter -X DOCKER-ISOLATION-STAGE-2
- iptables -t filter -X DOCKER-USER
+ # Chain DOCKER-USER is only present,
+ # if bip option is NOT set, so >/dev/null 2>&1
+ iptables -t filter -X DOCKER-USER >/dev/null 2>&1
 }
 ip4tables_remove() {
@@ -98,5 +198,8 @@ ip4tables_remove() {
 }
 stop_service() {
- ip4tables_remove
+ if /etc/init.d/dockerd running; then
+ service_stop "/usr/bin/dockerd"
+ ip4tables_remove
+ fi
 }
diff --git a/utils/docker-ce/files/etc/config/dockerd b/utils/docker-ce/files/etc/config/dockerd
index 28f04829b..332ddab21 100644
--- a/utils/docker-ce/files/etc/config/dockerd
+++ b/utils/docker-ce/files/etc/config/dockerd
@@ -3,5 +3,9 @@ config globals 'globals'
 # option alt_config_file "/etc/docker/daemon.json"
 option data_root "/opt/docker/"
 option log_level "warn"
-# list registry_mirror "https://"
-# list registry_mirror "https://hub.docker.com"
+ option hosts "unix://var/run/docker.sock"
+ # If the bip option is changed, dockerd must be restarted.
+ # A service reload is not enough.
+ option bip "172.18.01./24"
+# list registry_mirrors "https://"
+# list registry_mirrors "https://hub.docker.com"
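Review bot: Redirecting the three `DOCKER-USER` commands in `ip4tables_remove_filter` to `>/dev/null 2>&1` hides every failure, not only the missing-chain case the comment describes. A delete that fails for another reason would leave the jump rule in FORWARD after stop with nothing logged. Probing once, e.g. `iptables -t filter -L DOCKER-USER -n >/dev/null 2>&1`, and skipping the three commands only when that probe fails keeps real errors visible. The same two-line comment is repeated three times; stating it once above the probe would be enough.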
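Review bot: With the new guard in `stop_service`, `ip4tables_remove` is skipped whenever `/etc/init.d/dockerd running` returns false, which presumably includes the case where dockerd has crashed or was killed. The DOCKER chains and NAT rules it installed would then stay in place until the next successful stop or a reboot. Consider guarding only the stop, `/etc/init.d/dockerd running && service_stop "/usr/bin/dockerd"`, and calling `ip4tables_remove` unconditionally afterwards. It is also worth confirming that `service_stop` is needed here at all, since the script sets `USE_PROCD=1` and procd normally stops the instances it started.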
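Review bot: The sample value `option bip "172.18.01./24"` is not a valid CIDR (presumably `172.18.0.1/24` was meant), and the init script hands it both to dockerd and to `ipcalc.sh`. `hosts` is declared with `option`, but the init script reads it with `config_list_foreach globals hosts`, which iterates list entries, so this value is likely never written to daemon.json; `list hosts` would match the reader. The socket URL also has only two slashes, which makes the path relative; the usual form is `unix:///var/run/docker.sock`. A one-line comment next to `hosts`, saying that `tcp://` listeners expose the Docker API without authentication unless TLS is configured, would help people editing this file.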