Clarify that ipmasq rules are not added when iptables is false

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
This commit is contained in:
bbayani 2016-11-18 14:22:49 -08:00 committed by Tibor Vass
parent 1ce4af2038
commit d6d3f5144c
1 changed files with 8 additions and 4 deletions

View File

@ -1337,9 +1337,13 @@ set this parameter separately for each daemon.
pid file here. pid file here.
- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`. - `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`.
- `--iptables=false` prevents the Docker daemon from adding iptables rules. If - `--iptables=false` prevents the Docker daemon from adding iptables rules. If
multiple daemons manage iptables rules, they may overwrite rules set by multiple daemons manage iptables rules, they may overwrite rules set by another
another daemon. Be aware that disabling this option requires you to manually daemon. Be aware that disabling this option requires you to manually add
add iptables rules to expose container ports. iptables rules to expose container ports. If you prevent Docker from adding
iptables rules, Docker will also not add IP masquerading rules, even if you set
`--ip-masq` to `true`. Without IP masquerading rules, Docker containers will not be
able to connect to external hosts or the internet when using network other than
default bridge.
- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of - `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of
daemon flags. Specify the path for each daemon. daemon flags. Specify the path for each daemon.
- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections. - `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections.