Updates for moby 28.0 networking

[robmry]

Description

Updates for moby 28.0 networking.

Related issues or tickets

Series of commits ...

• Fix description of 'inhibit_ipv4'
  • Not changed in moby 28.0, updated to clarify difference from (new) IPv6-only networks.
• Updates to default bridge address config
  • Align fixed-cidr-v6 with fixed-cidr, use default ULA prefix if no fixed-cidr-v6 moby/moby#48319
• Describe IPv6-only network config
  • IPv6 only: add API option enable/disable IPv4 moby/moby#48271
  • Add option --ipv4 cli#5599
• Update description of gateway modes
  • Only set ip6tables filter-FORWARD DROP if necessary moby/moby#48594
  • Make containers on routed-mode networks accessible from other bridge networks moby/moby#48596
  • Add gateway mode "nat-unprotected" moby/moby#48597
• Describe gateway selection in the networking overview.
  • run, create, connect: add support for gw-priority cli#5664

Reviews

• Technical review
• Editorial review
• Product review

[netlify]

✅ Deploy Preview for docsdocker ready!

Name	Link
🔨 Latest commit	42decd8
🔍 Latest deploy log	https://app.netlify.com/sites/docsdocker/deploys/6759ba490a130d0007d8585a
😎 Deploy Preview	https://deploy-preview-21612--docsdocker.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[dvdksn]

Looks great, only nitpicks from me

[dvdksn]

What is --internal, why is it written like a CLI flag?

[robmry]

Good point - how about I make it a link to https://docs.docker.com/reference/cli/docker/network/create/#internal ?

[dvdksn]

Suggested change

	The default gateway is selected by docker, and may change each time a
	container's network connections change.
	To make docker choose a specific default gateway when creating the container
	The default gateway is selected by Docker, and may change whenever a
	container's network connections change.
	To make Docker choose a specific default gateway when creating the container

[dvdksn]

Suggested change

	in [docker run](/reference/cli/docker/container/run.md) and
	[docker network connect](/reference/cli/docker/network/connect.md).
	for the [`docker run`](/reference/cli/docker/container/run.md) and
	[`docker network connect`](/reference/cli/docker/network/connect.md) commands.

[dvdksn]

Suggested change

	- Option `fixed-cidr-v6` is optional, it specifies the address range docker may
	- Option `fixed-cidr-v6` is optional, it specifies the address range Docker may

[dvdksn]

Suggested change

	If you do not provide a `--subnet` option, a unique-local address (ULA) prefix
	If you do not provide a `--subnet` option, a Unique Local Address (ULA) prefix

[dvdksn]

Suggested change

	Within a local layer-2 network, any remote host can set up a static route
	to a container network via the docker host's address on the local network.
	Within a local layer 2 network, remote hosts can set up static routes
	to a container network using the Docker daemon host's address on the local network.

[dvdksn]

Suggested change

	So, those local remote hosts can access containers directly. Remote hosts
	outside the local network will only have direct access to containers if
	routers are configured to enable it.
	This allows local remote hosts to access containers directly. For remote
	hosts outside the local network, direct access to containers requires
	router configuration to enable the necessary routing.

[robmry]

Hmm, reading this again, "local remote hosts" are a bit weird!

How about I change it to ...

Within a local layer 2 network, remote hosts can set up static routes
to a container network using the Docker daemon host's address on the local
network. Those hosts can access containers directly. For remote
hosts outside the local network, direct access to containers requires
router configuration to enable the necessary routing.