diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md
index a01900239d..0b08edbcd6 100644
--- a/docs/reference/commandline/network_create.md
+++ b/docs/reference/commandline/network_create.md
@@ -184,6 +184,12 @@ $ docker network create \
 
 ### <a name="internal"></a> Network internal mode (--internal)
 
+Containers on an internal network may communicate between each other, but not
+with any other network, as no default route is configured and firewall rules
+are set up to drop all traffic to or from other networks. Communication with
+the gateway IP  address (and thus appropriately configured host services) is
+possible, and the host may communicate with any container IP directly.
+
 By default, when you connect a container to an `overlay` network, Docker also
 connects a bridge network to it to provide external connectivity. If you want
 to create an externally isolated `overlay` network, you can specify the