Restrict network access from within an openSUSE Docker container


How can I whitelist or blacklist a set of IP addresses to control which other hosts on the network can be reached from within a Docker container (which is based on openSUSE)?

I already found an answer here, but I would prefer to

  • not have to execute commands as root on the host
  • make the rules apply only to one container
  • (ideally) have the whitelist/blacklist configuration in the Dockerfile

My Dockerfile reads like this:

FROM opensuse:13.1

I build the image like this:

docker build -t mysuse .

Then I would like some IP addresses to be accessible from within the container:

docker run mysuse bash -c "ping -c1 192.168.1.1"
docker run mysuse bash -c "ping -c1 192.168.1.2"

and others not to be accessible:

docker run mysuse bash -c "ping -c1 192.168.1.3"
docker run mysuse bash -c "ping -c1 192.168.1.4"

Thanks for any help on this!

bassjoe

Posted 2016-04-04T18:22:52.200

No answers