opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19222 from Luap99/macvlan-internal

Browse Source 
[CI:DOCS] network create: document --internal better
This commit is contained in:
OpenShift Merge Robot
2023-07-13 15:51:12 +02:00
committed by GitHub
parent 561062dfc5 85d9361332
commit 0285bc122b
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/source/markdown/podman-network-create.1.md
View File

@ -62,7 +62,13 @@ For `macvlan` and `ipvlan`, it is the parent device on the host. It is the same
#### **--internal** #### **--internal**
Restrict external access of this network. Note when using this option, the dnsname plugin is automatically disabled. Restrict external access of this network when using a `bridge` network. Note when using the CNI backend
DNS will be automatically disabled, see **--disable-dns**.
When using the `macvlan` or `ipvlan` driver with this option no default route will be added to the container.
Because it bypasses the host network stack no additional restrictions can be set by podman and if a
privileged container is run it can set a default route themselves. If this is a concern then the
container connections should be blocked on your actual network gateway.
#### **--ip-range**=*range* #### **--ip-range**=*range*