diff --git a/Docker.md b/Docker.md
index d8d797c9ddcb6f9f39a437be3aff95e0d8393ba7..c3ac844d351c4e67ee0698fa97d2ad4baf31b815 100644
--- a/Docker.md
+++ b/Docker.md
@@ -1,5 +1,25 @@
 # I2P in Docker
 
+### Very quick start
+If you just want to give I2P a quick try or are using it on a home network, follow these steps:
+
+1. Create two directories `i2pconfig` and `i2ptorrents`
+2. Copy the following text and save it in a file `docker-compose.yml`
+```
+version: "3.5"
+services:
+    i2p:
+        image: geti2p/i2p
+        network_mode: host
+        volumes:
+            - ./i2pconfig:/i2p/.i2p
+            - ./i2ptorrents:/i2psnark
+```
+3. Execute `docker-compose up`
+4. Start a browser and go to `http://127.0.0.1:7657` to complete the setup wizard.
+
+Note that this quick-start approach is not recommended for production deployments on remote servers.  Please read the rest of this document for more information.
+
 ### Building an image
 There is an i2P image available over at [DockerHub](https://hub.docker.com).  If you do not want to use that one, you can build one yourself:
 ```
@@ -17,21 +37,26 @@ By the default the image limits the memory available to the Java heap to 512MB.
 #### Ports
 There are several ports which are exposed by the image.  You can choose which ones to publish depending on your specific needs.
 
-|Port|Description|TCP/UDP|
-|---|---|---|
-|4444|HTTP Proxy|TCP|
-|4445|HTTPS Proxy|TCP|
-|6668|IRC Proxy|TCP|
-|7654|I2CP Protocol|TCP|
-|7656|SAM Bridge TCP|TCP|
-|7657|Router console|TCP|
-|7658|I2P Site|TCP|
-|7659|SMTP Proxy|TCP|
-|7660|POP Proxy|TCP|
-|12345|I2NP Protocol|TCP and UDP|
+|Port|Interface|Description|TCP/UDP|
+|---|---|---|---|
+|4444|127.0.0.1|HTTP Proxy|TCP|
+|4445|127.0.0.1|HTTPS Proxy|TCP|
+|6668|127.0.0.1|IRC Proxy|TCP|
+|7654|127.0.0.1|I2CP Protocol|TCP|
+|7656|127.0.0.1|SAM Bridge TCP|TCP|
+|7657|127.0.0.1|Router console|TCP|
+|7658|127.0.0.1|I2P Site|TCP|
+|7659|127.0.0.1|SMTP Proxy|TCP|
+|7660|127.0.0.1|POP Proxy|TCP|
+|7652|LAN interface|UPnP|TCP|
+|7653|LAN interface|UPnP|UDP|
+|12345|0.0.0.0|I2NP Protocol|TCP and UDP|
 
 You probably want at least the Router Console (7657)  and the HTTP Proxy (4444).  If you want I2P to be able to receive incoming connections from the internet, and hence not think it's firewalled, publish the I2NP Protocol port (12345) - but make sure you publish to a different random port, otherwise others may be able to guess you're running I2P in a Docker image.
 
+#### Networking
+The `network_mode=host` used in the quick-start example is not recommended for cloud deployments.  The [macvlan](https://docs.docker.com/network/macvlan) driver is preferred.  See this [blog post](https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/) for some tips on using macvlan.
+
 #### Example
 Here is an example container that mounts `i2phome` as home directory, `i2ptorrents` for torrents, and opens HTTP Proxy, IRC, Router Console and I2NP Protocols.  It also limits the memory available to the JVM to 256MB.
 ```
diff --git a/docker/rootfs/i2p/clients.config b/docker/rootfs/i2p/clients.config
index 190dc9c69899cb2a32bc7b47aabe9322c86a31ee..48378a16a490f590fa93aa13bf94fd993e3c93f9 100644
--- a/docker/rootfs/i2p/clients.config
+++ b/docker/rootfs/i2p/clients.config
@@ -30,7 +30,7 @@
 ## non-SSL and SSL
 #clientApp.0.args=7657 ::1,127.0.0.1 -s 7667 ::1,127.0.0.1 ./webapps/
 ## non-SSL only, both IPv6 and IPv4 local interfaces
-clientApp.0.args=7657 0.0.0.0 ./webapps/
+clientApp.0.args=7657 127.0.0.1 ./webapps/
 clientApp.0.main=net.i2p.router.web.RouterConsoleRunner
 clientApp.0.name=webConsole
 clientApp.0.onBoot=true
@@ -38,7 +38,7 @@ clientApp.0.onBoot=true
 # start up the SAM bridge so other client apps can connect
 clientApp.1.main=net.i2p.sam.SAMBridge
 clientApp.1.name=SAMBridge
-clientApp.1.args=sam.keys 0.0.0.0 7656 i2cp.tcp.host=localhost i2cp.tcp.port=7654
+clientApp.1.args=sam.keys 127.0.0.1 7656 i2cp.tcp.host=localhost i2cp.tcp.port=7654
 clientApp.1.startOnLoad=false
 
 # poke the i2ptunnels defined in i2ptunnel.config
diff --git a/docker/rootfs/i2p/i2ptunnel.config b/docker/rootfs/i2p/i2ptunnel.config
index 2dabde376302a7f63f2712eec55813a6b158fb90..7503799af1705e56768b63eb28e8c4b7d0da4954 100644
--- a/docker/rootfs/i2p/i2ptunnel.config
+++ b/docker/rootfs/i2p/i2ptunnel.config
@@ -19,7 +19,7 @@ tunnel.0.name=I2P HTTP Proxy
 tunnel.0.description=HTTP proxy for browsing eepsites and the web
 tunnel.0.type=httpclient
 tunnel.0.sharedClient=true
-tunnel.0.interface=0.0.0.0
+tunnel.0.interface=127.0.0.1
 tunnel.0.listenPort=4444
 tunnel.0.proxyList=false.i2p
 tunnel.0.i2cpHost=127.0.0.1
@@ -44,7 +44,7 @@ tunnel.1.name=Irc2P
 tunnel.1.description=IRC tunnel to access the Irc2P network
 tunnel.1.type=ircclient
 tunnel.1.sharedClient=false
-tunnel.1.interface=0.0.0.0
+tunnel.1.interface=127.0.0.1
 tunnel.1.listenPort=6668
 tunnel.1.targetDestination=irc.postman.i2p:6667,irc.echelon.i2p:6667
 tunnel.1.i2cpHost=127.0.0.1