podman/docs/source/markdown/options/internal.md
Jan Kaluza 7612af4c0e Rewrite the Quadlet documentation
This commit does the following:

- Splits the podman-systemd.unit.5.md into multiple files - one for each quadlet file type.
- Adds the podman-quadlet-basic-usage.7.md for quadlet examples.
- Majority of the text in the new files is copied from the podman-systemd.unit.5.md
- Adds support for very simple conditional in the markdown_preprocess.
- Uses new logic in markdown_preprocess in options/*.md to use a single .md file for both
  podman subcommands man-pages and quadlet man-pages. This deduplicates the Quadlet man-pages a lot.
- Adds new `@@option quadlet:source.md` preprocess command to import such .md files from options directory.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2026-05-04 10:53:36 +02:00

1.2 KiB

####> This option file is used in:
####>   podman network create, podman-network.unit.5.md.in
####> If file is edited, make sure the changes
####> are applicable to all of those.
<< if is_quadlet >>

Internal=true

<< else >>

--internal

<< endif >>

Restrict external access of this network when using a bridge network. Note: when using the CNI backend, DNS is automatically disabled; see --disable-dns.

When using the macvlan or ipvlan driver with this option, no default route will be added to the container. Because these drivers bypass the host network stack, Podman cannot set any additional restrictions, and a privileged container can set a default route itself. If this is a concern, the container connections should be blocked on the actual network gateway.

Using the bridge driver with this option has the following effects:

  • Global IP forwarding sysctls will not be changed in the host network namespace.
  • IP forwarding is disabled on the bridge interface instead of setting up a firewall.
  • No default route will be added to the container.

In all cases, aardvark-dns will only resolve container names with this option enabled. Other queries will be answered with NXDOMAIN.
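
The driver-dependent guarantees described above can be checked across existing networks. The following is an added example, not part of the Podman documentation or code base: it reads JSON in the shape of `podman network inspect` output and reports what the internal flag actually provides for each network. The sample data is constructed, and the field names `name`, `driver` and `internal` are assumed to match that command's output.

```python
import json

# Constructed sample in the shape of `podman network inspect` output.
# Assumption: the fields "name", "driver" and "internal" match that command.
SAMPLE = """[
  {"name": "backend", "driver": "bridge",  "internal": true},
  {"name": "lan",     "driver": "macvlan", "internal": true},
  {"name": "vlan20",  "driver": "ipvlan",  "internal": true},
  {"name": "public",  "driver": "bridge",  "internal": false}
]"""


def classify(net):
    """Return (level, reason) describing what the internal flag gives this network."""
    driver = net.get("driver", "")
    if not net.get("internal", False):
        return ("open", "not internal: external access is not restricted")
    if driver == "bridge":
        return ("isolated",
                "IP forwarding disabled on the bridge, no default route")
    if driver in ("macvlan", "ipvlan"):
        # These drivers bypass the host network stack, so Podman cannot
        # enforce more than omitting the default route.
        return ("review",
                "only the default route is omitted; a privileged container "
                "can add one, so block at the network gateway")
    return ("unknown", f"driver {driver!r} is not covered by this check")


def audit(inspect_json):
    """Map network name -> (level, reason) for every network in the JSON."""
    return {n["name"]: classify(n) for n in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, (level, reason) in audit(SAMPLE).items():
        print(f"{name:8} {level:9} {reason}")
```

Networks reported as `review` are the ones where isolation depends on controls outside Podman, as the macvlan/ipvlan paragraph explains.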