Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add --ip-forward-no-drop to dockerd cmdline ref #5598

Merged
merged 1 commit into from
Nov 29, 2024
Merged

Add --ip-forward-no-drop to dockerd cmdline ref #5598

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion docs/reference/dockerd.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,8 @@ Options:
--init-path string Path to the docker-init binary
--insecure-registry list Enable insecure registry communication
--ip ip Default IP when binding container ports (default 0.0.0.0)
--ip-forward Enable net.ipv4.ip_forward (default true)
--ip-forward Enable IP forwarding in system configuration (default true)
--ip-forward-no-drop Do not set the filter-FORWARD policy to DROP when enabling IP forwarding
--ip-masq Enable IP masquerading (default true)
--ip6tables Enable addition of ip6tables rules (experimental)
--iptables Enable addition of iptables rules (default true)
Expand Down
14 changes: 12 additions & 2 deletions man/dockerd.8.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ dockerd - Enable daemon mode
[**--insecure-registry**[=*[]*]]
[**--ip**[=*0.0.0.0*]]
[**--ip-forward**[=**true**]]
[**--ip-forward-no-drop**[=**true**]]
[**--ip-masq**[=**true**]]
[**--iptables**[=**true**]]
[**--ipv6**]
Expand Down Expand Up @@ -289,11 +290,20 @@ unix://[/path/to/socket] to use.
has no effect.

This setting will also enable IPv6 forwarding if you have both
**--ip-forward=true** and **--fixed-cidr-v6** set. Note that this may reject
Router Advertisements and interfere with the host's existing IPv6
**--ip-forward=true** and an IPv6 enabled bridge network. Note that this
may reject Router Advertisements and interfere with the host's existing IPv6
configuration. For more information, consult the documentation about
"Advanced Networking - IPv6".

**--ip-forward-no-drop**=**true**|**false**
When **false**, the default, if Docker enables IP forwarding itself (see
**--ip-forward**), and **--iptables** or **--ip6tables** are enabled, it
also sets the default policy for the FORWARD chain in the iptables or
ip6tables filter table to DROP.

When **true**, and when IP forwarding is already enabled, Docker does
not modify the default policy of the FORWARD chain.

**--ip-masq**=**true**|**false**
Enable IP masquerading for bridge's IP range. Default is **true**.

Expand Down
Loading