Add --ip-filter-forward-drop

Added to the dockerd cmdline ref and its manpage.

Signed-off-by: Rob Murray <rob.murray@docker.com>
Rob Murray 2024-11-06 14:47:53 +00:00
parent 2369935bdb
commit 1911dedcf2
2 changed files with 14 additions and 3 deletions

@ -72,7 +72,8 @@ Options:
--init-path string Path to the docker-init binary --init-path string Path to the docker-init binary
--insecure-registry list Enable insecure registry communication --insecure-registry list Enable insecure registry communication
--ip ip Default IP when binding container ports (default 0.0.0.0) --ip ip Default IP when binding container ports (default 0.0.0.0)
--ip-forward Enable net.ipv4.ip_forward (default true) --ip-forward Enable IP forwarding in system configuration (default true)
--ip-forward-no-drop Do not set the filter-FORWARD policy to DROP when enabling IP forwarding
--ip-masq Enable IP masquerading (default true) --ip-masq Enable IP masquerading (default true)
--ip6tables Enable addition of ip6tables rules (experimental) --ip6tables Enable addition of ip6tables rules (experimental)
--iptables Enable addition of iptables rules (default true) --iptables Enable addition of iptables rules (default true)
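Review bot: the option name on the added `--ip-forward-no-drop` line does not match the commit subject, which names `--ip-filter-forward-drop`. One of the two is stale; align the subject with the option that is actually documented here (or the other way round) so that searching the history for the flag finds this change. The new help line also carries no default, while its neighbours state theirs as "(default true)"; if the default is false, as the manpage text in this commit says, a short "(default false)" would save readers from inferring it.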

@ -44,6 +44,7 @@ dockerd - Enable daemon mode
[**--insecure-registry**[=*[]*]] [**--insecure-registry**[=*[]*]]
[**--ip**[=*0.0.0.0*]] [**--ip**[=*0.0.0.0*]]
[**--ip-forward**[=**true**]] [**--ip-forward**[=**true**]]
[**--ip-forward-no-drop**[=**true**]]
[**--ip-masq**[=**true**]] [**--ip-masq**[=**true**]]
[**--iptables**[=**true**]] [**--iptables**[=**true**]]
[**--ipv6**] [**--ipv6**]
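Review bot: the added synopsis entry `[**--ip-forward-no-drop**[=**true**]]` puts **true** where the neighbouring entries (`--ip-forward`, `--ip-masq`, `--iptables`) show their default value, but the description added further down in this file says **false** is the default. Suggest `[**--ip-forward-no-drop**[=**false**]]`, or the bare form used for `[**--ipv6**]`, so the synopsis does not imply that the FORWARD policy is left untouched by default.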
@ -289,11 +290,20 @@ unix://[/path/to/socket] to use.
has no effect. has no effect.
This setting will also enable IPv6 forwarding if you have both This setting will also enable IPv6 forwarding if you have both
**--ip-forward=true** and **--fixed-cidr-v6** set. Note that this may reject **--ip-forward=true** and an IPv6 enabled bridge network. Note that this
Router Advertisements and interfere with the host's existing IPv6 may reject Router Advertisements and interfere with the host's existing IPv6
configuration. For more information, consult the documentation about configuration. For more information, consult the documentation about
"Advanced Networking - IPv6". "Advanced Networking - IPv6".
**--ip-forward-no-drop**=**true**|**false**
When **false**, the default, if Docker enables IP forwarding itself (see
**--ip-forward**), and **--iptables** or **--ip6tables** are enabled, it
also sets the default policy for the FORWARD chain in the iptables or
ip6tables filter table to DROP.
When **true**, and when IP forwarding is already enabled, Docker does
not modify the default policy of the FORWARD chain.
**--ip-masq**=**true**|**false** **--ip-masq**=**true**|**false**
Enable IP masquerading for bridge's IP range. Default is **true**. Enable IP masquerading for bridge's IP range. Default is **true**.
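Review bot: the "When **true**" sentence in the new **--ip-forward-no-drop** entry is conditioned on "and when IP forwarding is already enabled", which leaves undocumented the case where the option is **true** and Docker enables forwarding itself. The first sentence already reads as "no policy change" when forwarding was enabled before Docker started, so the two sentences overlap instead of covering both values. Suggest "When **true**, or when IP forwarding is already enabled, Docker does not modify the default policy of the FORWARD chain", and state that the policy then stays at whatever the host has configured, since that is the outcome an administrator needs to check. Ending the entry with "Default is **false**." would also match the style of the **--ip-masq** entry that follows.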