1.2 KiB
####> This option file is used in: ####> podman network create, podman-network.unit.5.md.in ####> If file is edited, make sure the changes ####> are applicable to all of those. << if is_quadlet >>
Internal=true
<< else >>
--internal
<< endif >>
Restrict external access of this network when using a bridge network. Note when using the CNI backend
DNS will be automatically disabled, see --disable-dns.
When using the macvlan or ipvlan driver with this option no default route will be added to the container.
Because it bypasses the host network stack no additional restrictions can be set by podman and if a
privileged container is run it can set a default route themselves. If this is a concern then the
container connections should be blocked on your actual network gateway.
Using the bridge driver with this option has the following effects:
- Global IP forwarding sysctls will not be changed in the host network namespace.
- IP forwarding is disabled on the bridge interface instead of setting up a firewall.
- No default route will be added to the container.
In all cases, aardvark-dns will only resolve container names with this option enabled.
Other queries will be answered with NXDOMAIN.