mirror of https://github.com/docker/cli.git
Clarify that ipmasq rules are not added when iptables is false
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
This commit is contained in:
parent
1ce4af2038
commit
d6d3f5144c
|
@ -1337,9 +1337,13 @@ set this parameter separately for each daemon.
|
||||||
pid file here.
|
pid file here.
|
||||||
- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`.
|
- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`.
|
||||||
- `--iptables=false` prevents the Docker daemon from adding iptables rules. If
|
- `--iptables=false` prevents the Docker daemon from adding iptables rules. If
|
||||||
multiple daemons manage iptables rules, they may overwrite rules set by
|
multiple daemons manage iptables rules, they may overwrite rules set by another
|
||||||
another daemon. Be aware that disabling this option requires you to manually
|
daemon. Be aware that disabling this option requires you to manually add
|
||||||
add iptables rules to expose container ports.
|
iptables rules to expose container ports. If you prevent Docker from adding
|
||||||
|
iptables rules, Docker will also not add IP masquerading rules, even if you set
|
||||||
|
`--ip-masq` to `true`. Without IP masquerading rules, Docker containers will not be
|
||||||
|
able to connect to external hosts or the internet when using network other than
|
||||||
|
default bridge.
|
||||||
- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of
|
- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of
|
||||||
daemon flags. Specify the path for each daemon.
|
daemon flags. Specify the path for each daemon.
|
||||||
- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections.
|
- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections.
|
||||||
|
|
Loading…
Reference in New Issue