diff --git a/src/network.js b/src/network.js
index 2247a4c15..2fee37e2b 100644
--- a/src/network.js
+++ b/src/network.js
@@ -85,6 +85,10 @@ async function setBlocklist(blocklist, auditSource) {
         } else {
             if (ipaddr.includes(rangeOrIP, auditSource.ip)) throw new BoxError(BoxError.BAD_FIELD, `range ${rangeOrIP} includes client IP. Cannot block yourself`);
         }
+
+        // this won't work in cases where it's a bigger subnet
+        if (rangeOrIP.startsWith('172.18.') || rangeOrIP.toLowerCase().startsWith('fd00:c107:d509:')) throw new BoxError(BoxError.BAD_FIELD, `${rangeOrIP} includes internal docker network. This cannot be blocked`);
+
         ++count;
     }