diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..665a4534b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+FROM geerlingguy/docker-debian8-ansible:latest
+MAINTAINER Jeff Geerling
+
+# Copy provisioning directory into VM.
+COPY ./ /etc/ansible/drupal-vm
+
+# Provision Drupal VM inside Docker.
+RUN ANSIBLE_FORCE_COLOR=true \
+  ansible-playbook /etc/ansible/drupal-vm/provisioning/playbook.yml \
+  --extra-vars="hostname_fqdn=false firewall_enabled=false"
+
+EXPOSE 22 80 81 443 8025
diff --git a/default.config.yml b/default.config.yml
index 72e4c1188..49b11a7cb 100644
--- a/default.config.yml
+++ b/default.config.yml
@@ -220,10 +220,11 @@ extra_packages:
   - sqlite
 
 # You can configure almost anything else on the server in the rest of this file.
-extra_security_enabled: false
-
 drush_version: "8.1.10"
 
+extra_security_enabled: false
+
+firewall_enabled: true
 firewall_allowed_tcp_ports:
   - "22"
   - "25"
diff --git a/provisioning/playbook.yml b/provisioning/playbook.yml
index 4f6b6c00d..809d3351f 100644
--- a/provisioning/playbook.yml
+++ b/provisioning/playbook.yml
@@ -34,7 +34,7 @@
     # Essential roles.
     - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat', tags: ['webserver', 'php'] }
     - { role: drupalvm.hostname }
-    - { role: geerlingguy.firewall }
+    - { role: geerlingguy.firewall, when: firewall_enabled }
     - { role: geerlingguy.git }
     - { role: geerlingguy.postfix }
     - { role: geerlingguy.apache, when: drupalvm_webserver == 'apache', tags: ['webserver']}
diff --git a/provisioning/roles/drupalvm.hostname/README.md b/provisioning/roles/drupalvm.hostname/README.md
index 914954384..66f9bc582 100644
--- a/provisioning/roles/drupalvm.hostname/README.md
+++ b/provisioning/roles/drupalvm.hostname/README.md
@@ -14,7 +14,7 @@ Available variables are listed below:
 hostname_fqdn: "{{ inventory_hostname }}"
 ```
 
-The fully qualified domain name.
+The fully qualified domain name. If left blank, the `hostname` command will not be run (this can be useful if running the role within a Docker container).
 
 ```yaml
 hostname_short: "{{ hostname_fqdn|regex_replace('^([^.]+).*$', '\\1') }}"
diff --git a/provisioning/roles/drupalvm.hostname/tasks/main.yml b/provisioning/roles/drupalvm.hostname/tasks/main.yml
index 5dcebbb7c..83de7fe8d 100644
--- a/provisioning/roles/drupalvm.hostname/tasks/main.yml
+++ b/provisioning/roles/drupalvm.hostname/tasks/main.yml
@@ -19,7 +19,8 @@
     dest: /etc/hostname
     unsafe_writes: "{{ hostname_unsafe_writes }}"
   register: set_hostname
+  when: hostname_fqdn
 
 - name: Set the hostname for current session.
   shell: hostname --file /etc/hostname
-  when: set_hostname.changed
+  when: hostname_fqdn and set_hostname.changed