diff --git a/Dockerfile b/Dockerfile
index f619721..c60a164 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,6 +22,9 @@ MAINTAINER Joshua Tauberer (http://razor.occams.info)
 ENV PUBLIC_HOSTNAME box.local
 ENV PUBLIC_IP 127.0.123.123
+# Docker-specific Mail-in-a-Box configuration.
+ENV DISABLE_FIREWALL 1
+
 # Our install will fail if SSH is installed and allows password-based authentication.
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server
 RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g"
diff --git a/scripts/functions.sh b/scripts/functions.sh
index f1bcaf2..426f914 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -20,7 +20,9 @@ function apt_install {
 }
 function ufw_allow {
- # ufw has completely unhelpful output
- ufw allow $1 > /dev/null;
+ if [ -z "$DISABLE_FIREWALL" ]; then
+ # ufw has completely unhelpful output
+ ufw allow $1 > /dev/null;
+ fi
 }
diff --git a/scripts/system.sh b/scripts/system.sh
index a31be43..1e7afc2 100755
--- a/scripts/system.sh
+++ b/scripts/system.sh
@@ -32,9 +32,14 @@ apt_install python3
 apt_install ntp fail2ban
-# Turn on the firewall. First allow incoming SSH, then turn on the firewall.
-# Other ports will be opened at the point where we set up those services.
-apt_install ufw
-ufw_allow ssh;
-ufw --force enable;
-
+if [ -z "$DISABLE_FIREWALL" ]; then
+ # Turn on the firewall. First allow incoming SSH, then turn on the firewall.
+ # Other ports will be opened at the point where we set up those services.
+ #
+ # Various virtualized environments like Docker and some VPSs don't provide
+ # a kernel that supports iptables. To avoid error-like output in these cases,
+ # let us disable the firewall.
+ apt_install ufw
+ ufw_allow ssh;
+ ufw --force enable;
+fi
\ No newline at end of file
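Review bot: The comment above `ENV DISABLE_FIREWALL 1` does not say what protection the image gives up by setting it. scripts/system.sh in this same commit still installs fail2ban, and its default ban action normally relies on iptables, so if the container kernel really lacks iptables support the bans are probably not enforced either; that is worth confirming. I would extend the comment to something like `# ufw is skipped inside the container; restrict access with the ports you publish and with the Docker host's own firewall.`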
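Review bot: The guard `[ -z "$DISABLE_FIREWALL" ]` in ufw_allow treats any non-empty value as "disable", so a `DISABLE_FIREWALL=0` or `=false` inherited from the environment silently skips every `ufw allow`; the same test guards the ufw setup in scripts/system.sh. An explicit comparison keeps the firewall on unless the value is exactly 1: `if [ "${DISABLE_FIREWALL:-0}" != "1" ]; then`, which also stays safe should the scripts ever run under `set -u`. While the line is being re-indented, `$1` could be quoted as `ufw allow "$1" > /dev/null;`.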
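Review bot: When DISABLE_FIREWALL is set, the whole block in scripts/system.sh is skipped without any output, so an operator on a regular host who happens to have the variable in the environment ends up with no ufw rules and no hint of it. An `else` branch with a one-line notice on stderr would make that visible, for example `echo "WARNING: DISABLE_FIREWALL is set; ufw was not installed or enabled." >&2`. The explanatory comment about Docker and VPS kernels now sits inside the branch that enables the firewall and would read better above the `if`. The new file also ends without a trailing newline.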