diff --git a/.vimrc b/.vimrc
new file mode 100644
index 0000000..e24f514
--- /dev/null
+++ b/.vimrc
@@ -0,0 +1,8 @@
+set ts=4 sw=4
+set ai si
+
+" can this be copied from the /etc/vim/vimrc file instead?
+if has("autocmd")
+  au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
+endif
+
diff --git a/.zshrc b/.zshrc
new file mode 100644
index 0000000..96d68f3
--- /dev/null
+++ b/.zshrc
@@ -0,0 +1,31 @@
+# Lines configured by zsh-newuser-install
+HISTFILE=~/.histfile
+HISTSIZE=1000
+SAVEHIST=1000
+bindkey -e
+# End of lines configured by zsh-newuser-install
+# The following lines were added by compinstall
+zstyle :compinstall filename '/home/emg/.zshrc'
+
+autoload -Uz compinit
+compinit
+# End of lines added by compinstall
+
+alias l=less m=more
+alias ll='ls -l'
+alias vi=vim
+alias vg='valgrind --leak-check=full --show-leak-kinds=all --gen-suppressions=all'
+
+ulimit -c unlimited
+git_prompt() {
+        git branch --color=never |& grep -v "Not a git" | grep '^\*' | head -1 | tr -d '*' | tr ' ' '@'
+}
+setopt prompt_subst
+autoload -U promptinit
+promptinit
+PS1='%n@%m:%~$(git_prompt)>'
+
+RPS1='%T'
+
+export TZ=CET
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..25914b6
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+# syntax=docker/dockerfile:1
+
+FROM ubuntu:18.04
+
+LABEL maintainer="daniel@braxo.se"
+
+RUN \
+        apt-get update && \
+        DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata && \
+        apt-get install -y \
+			cmake \
+			gcc \
+			g++ \
+			git \
+			less \
+			libpcre2-dev \
+			make \
+			valgrind \
+			vim \
+			zsh \
+			&& \
+			apt-get clean
+
+ADD \
+	.vimrc \
+	.zshrc \
+	/root/
+
+RUN mkdir /opt/autofw
+
+WORKDIR /opt/autofw
+
+ADD src .
+
+RUN \
+	cmake . && \
+	make
+
diff --git a/README.md b/README.md
index 629297d..70bc3e2 100644
--- a/README.md
+++ b/README.md
@@ -13,15 +13,13 @@ It assumes UFW for now.
 
 ## Building
 
-First install some build tools.
-On Ubuntu you will run something like this:
+The easiest way to build this is to use Docker.
 
-- `apt-get install -y cmake libpcre2-dev make gcc`
-
-We use CMake.
-
-- `cmake .`
-- `make`
+1. Install the Docker command line client on your machine.
+1. Run `./build.sh`. This will build a binary for aarch64 or x84_64, depending on your host.
+1. You can also add the parameter `arm` or `x86` to the `./build.sh` script to build for a particular architecture.
+1. The result will be a binary in the `bin` sub directory.
+1. You can then run `./run.sh` for an interactive environment. In this case the source code will be copied to new `src-x` directory (where `x` depends on the architecture), so your changes do not disappear when the Docker container exits. This script also takes the parameter `arm` or `x86`.
 
 Some functions are perhaps overly general, but that is because they are taken directly from the [EMG](https://nordicmessaging.se) source code.
 
@@ -68,7 +66,7 @@ This way whitelisted addresses can never be blocked.
 
 ## TODO
 
-- Dockerfile, for building x86 binaries on arm machines.
+- Better git/ssh setup.
 - IPv6
 - Other firewall backends, such as raw iptables.
 
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..a4a9b15
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,18 @@
+
+. ./setarch.sh
+
+pf=linux/$arch
+img=autofw-$arch
+
+export DOCKER_BUILDKIT=1
+
+docker build \
+	--platform $pf \
+	-t $img \
+	.
+
+mkdir -p bin
+docker run --platform $pf -v $PWD/bin:/opt/mount --rm $img cp bin/autofw /opt/mount/autofw-$arch
+
+exit 0
+
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..67b3c50
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+. ./setarch.sh
+
+pf=linux/$arch
+img=autofw-$arch
+
+srcdir=`pwd`/src-$arch
+if [ ! -d $srcdir ]; then
+	mkdir -p $srcdir
+	cp -a src/ $srcdir/
+fi
+srcbind="--mount type=bind,source=$srcdir,target=/opt/autofw"
+
+docker run --rm -ti \
+	--platform=$pf \
+	`echo $srcbind` \
+	$img \
+	/bin/zsh
+
diff --git a/setarch.sh b/setarch.sh
new file mode 100644
index 0000000..11e912b
--- /dev/null
+++ b/setarch.sh
@@ -0,0 +1,25 @@
+hostarch=`arch`
+if [ $hostarch = arm64 ]; then
+        arch=arm64
+else
+        arch=amd64
+fi
+#arch=arm64
+#arch=amd64
+
+while [ $# -gt 0 ]; do
+        arg=$1
+        case $arg in
+                arm)
+                        arch=arm64
+                        ;;
+                x86)
+                        arch=amd64
+                        ;;
+                *)
+                        echo ignored arg: $arg
+                        ;;
+        esac
+        shift
+done
+