opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-02 02:26:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

network create: document --internal better

Browse Source 
When using --internal for macvlan/ipvlan networks we simply do not add a
default gateway/route. Make this clear in the docs.

Fixes #18914

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2023-07-13 13:21:13 +02:00
parent 69f112a8bf
commit 85d9361332
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/source/markdown/podman-network-create.1.md
View File

@ -62,7 +62,13 @@ For `macvlan` and `ipvlan`, it is the parent device on the host. It is the same
#### **--internal**
Restrict external access of this network. Note when using this option, the dnsname plugin is automatically disabled.
Restrict external access of this network when using a `bridge` network. Note when using the CNI backend
DNS will be automatically disabled, see **--disable-dns**.
When using the `macvlan` or `ipvlan` driver with this option no default route will be added to the container.
Because it bypasses the host network stack no additional restrictions can be set by podman and if a
privileged container is run it can set a default route themselves. If this is a concern then the
container connections should be blocked on your actual network gateway.
#### **--ip-range**=*range*