From 860b4f3a7dbf76fec96e3f3ec0c63ba57ea37a41 Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Fri, 8 Mar 2024 17:11:28 +0000 Subject: [PATCH 1/2] 'docker daemon' flags refer to the default bridge Replace 'docker daemon' with the wording used for the preceding table, to make it extra-clear that those flags apply to the default bridge. Signed-off-by: Rob Murray --- docs/reference/commandline/network_create.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 44965adb80..a01900239d 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -162,7 +162,8 @@ equivalent Docker daemon flags used for docker0 bridge: | `com.docker.network.container_iface_prefix` | - | Set a custom prefix for container interfaces | The following arguments can be passed to `docker network create` for any -network driver, again with their approximate equivalents to `docker daemon`. +network driver, again with their approximate equivalents to Docker daemon +flags used for the docker0 bridge: | Argument | Equivalent | Description | |--------------|----------------|--------------------------------------------| From 617377c0453b5614c1bf913ec2475719ee0e8e7a Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Fri, 8 Mar 2024 17:12:15 +0000 Subject: [PATCH 2/2] Describe an 'internal' network. Added a description of a '--internal' network (from @neersighted). Co-authored-by: Bjorn Neergaard Signed-off-by: Rob Murray --- docs/reference/commandline/network_create.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index a01900239d..0b08edbcd6 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md 
@@ -184,6 +184,12 @@ $ docker network create \ ### Network internal mode (--internal) +Containers on an internal network may communicate between each other, but not +with any other network, as no default route is configured and firewall rules +are set up to drop all traffic to or from other networks. Communication with +the gateway IP address (and thus appropriately configured host services) is +possible, and the host may communicate with any container IP directly. + By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the
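Review bot: in patch 1/2 (hunk @@ -162,7 +162,8), the new lead-in says "flags used for the docker0 bridge:" while the context line at the top of the same hunk says "flags used for docker0 bridge:" without the article. Since the commit message says the goal is to reuse the wording of the preceding table, make the two sentences identical, preferably by adding "the" to the earlier one. The sentence also still opens with "for any network driver", so consider a short clause stating that the arguments themselves are not bridge-specific and only the daemon-flag equivalents refer to docker0; otherwise a reader can take the new wording to mean the arguments only work with the bridge driver.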
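Review bot: in patch 2/2 (hunk @@ -184,6 +184,12), the last added sentence states the one exception to the isolation ("Communication with the gateway IP address (and thus appropriately configured host services) is possible") in a parenthetical, which is easy to miss for readers who use `--internal` as a containment boundary. Suggest giving it its own sentence that says host services listening on the gateway address remain reachable from containers on the network, so operators know to check what the host exposes there. The added paragraph also does not say which drivers it applies to, while the unchanged paragraph right after it is specific to `overlay`; state the scope so the two paragraphs do not read as describing the same case. Minor wording: "communicate between each other" reads better as "communicate with each other".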