From 617377c0453b5614c1bf913ec2475719ee0e8e7a Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Fri, 8 Mar 2024 17:12:15 +0000 Subject: [PATCH] Describe an 'internal' network. Added a description of a '--internal' network (from @neersighted). Co-authored-by: Bjorn Neergaard Signed-off-by: Rob Murray --- docs/reference/commandline/network_create.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index a01900239d..0b08edbcd6 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -184,6 +184,12 @@ $ docker network create \ ### Network internal mode (--internal) +Containers on an internal network may communicate between each other, but not +with any other network, as no default route is configured and firewall rules +are set up to drop all traffic to or from other networks. Communication with +the gateway IP address (and thus appropriately configured host services) is +possible, and the host may communicate with any container IP directly. + By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the
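Review bot: In the paragraph added under `### Network internal mode (--internal)`, the last sentence ("Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly") carries the security-relevant caveat but reads as an aside. Someone choosing `--internal` for isolation could miss that the host stays reachable in both directions. Consider stating outright that an internal network is isolated from other networks but not from the host, and spelling out what "appropriately configured" means for a host service. Two smaller points: "communicate between each other" would read better as "communicate with each other", and because the unchanged paragraph that follows is specific to `overlay` networks, the new text should say whether it applies to every network driver or only to some.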