Skip to content

Commit 083495c

Browse files
thaJeztahthaJeztah
authored
Merge pull request #5598 from robmry/dockerd-cmd-ref-ipffd
Add --ip-forward-no-drop to dockerd cmdline ref
2 parents c0a5c68 + 1911ded commit 083495c

File tree

2 files changed

+14
-3
lines changed

2 files changed

+14
-3
lines changed

docs/reference/dockerd.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,8 @@ Options:
7272
--init-path string Path to the docker-init binary
7373
--insecure-registry list Enable insecure registry communication
7474
--ip ip Default IP when binding container ports (default 0.0.0.0)
75-
--ip-forward Enable net.ipv4.ip_forward (default true)
75+
--ip-forward Enable IP forwarding in system configuration (default true)
76+
--ip-forward-no-drop Do not set the filter-FORWARD policy to DROP when enabling IP forwarding
7677
--ip-masq Enable IP masquerading (default true)
7778
--ip6tables Enable addition of ip6tables rules (experimental)
7879
--iptables Enable addition of iptables rules (default true)

man/dockerd.8.md

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ dockerd - Enable daemon mode
4545
[**--insecure-registry**[=*[]*]]
4646
[**--ip**[=*0.0.0.0*]]
4747
[**--ip-forward**[=**true**]]
48+
[**--ip-forward-no-drop**[=**true**]]
4849
[**--ip-masq**[=**true**]]
4950
[**--iptables**[=**true**]]
5051
[**--ipv6**]
@@ -294,11 +295,20 @@ unix://[/path/to/socket] to use.
294295
has no effect.
295296

296297
This setting will also enable IPv6 forwarding if you have both
297-
**--ip-forward=true** and **--fixed-cidr-v6** set. Note that this may reject
298-
Router Advertisements and interfere with the host's existing IPv6
298+
**--ip-forward=true** and an IPv6 enabled bridge network. Note that this
299+
may reject Router Advertisements and interfere with the host's existing IPv6
299300
configuration. For more information, consult the documentation about
300301
"Advanced Networking - IPv6".
301302

303+
**--ip-forward-no-drop**=**true**|**false**
304+
When **false**, the default, if Docker enables IP forwarding itself (see
305+
**--ip-forward**), and **--iptables** or **--ip6tables** are enabled, it
306+
also sets the default policy for the FORWARD chain in the iptables or
307+
ip6tables filter table to DROP.
308+
309+
When **true**, and when IP forwarding is already enabled, Docker does
310+
not modify the default policy of the FORWARD chain.
311+
302312
**--ip-masq**=**true**|**false**
303313
Enable IP masquerading for bridge's IP range. Default is **true**.
304314

0 commit comments

Comments
 (0)