Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: improve documentation for internal networks
Browse files Browse the repository at this point in the history
This goes into more detail about what this option actually does.

Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
M1cha committed Nov 25, 2024
1 parent fbafcba commit 162bf15
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions docs/source/markdown/podman-network-create.1.md
Original file line number Diff line number Diff line change
@@ -70,6 +70,14 @@ Because it bypasses the host network stack no additional restrictions can be set
privileged container is run it can set a default route themselves. If this is a concern then the
container connections should be blocked on your actual network gateway.

Using the `bridge` driver with this option has the following effects:
- Global IP forwarding sysctls will not be changed in the host network namespace.
- IP forwarding is disabled on the bridge interface instead of setting up a firewall.
- No default route will be added to the container.

In all cases, aardvark-dns will only resolve container names with this option enabled.
Other queries will be answered with `NXDOMAIN`.

#### **--ip-range**=*range*

Allocate container IP from a range. The range must be a either a complete subnet in CIDR notation or be in

0 comments on commit 162bf15

Please sign in to comment.