Default bridge configuration allows outside world connectivity

[Perdjesk]

File: network/bridge.md

The following section: https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world

states

By default, traffic from containers connected to the default bridge network is not forwarded to the outside world.

which is not correct using docker-ce 18.09.07. docker/libnetwork reference: https://github.com/docker/libnetwork/blob/5b9fe1e1628d6077d1ba7a8c9a4310d09c8702ed/drivers/bridge/setup_ip_tables.go#L176

Using default parameters the following iptable is created which allows outgoing packets:

-A FORWARD -i docker0 ! -o docker0 -j ACCEPT

Moreover the steps documented to enable IP forwarding on the host are not mandatory when using default docker daemon parameters since --ip-forward defaults to true, which enable host/kernel IP forwarding when not enabled. docker/libnetwork reference: https://github.com/docker/libnetwork/blob/04a014d03dc9430da22b12307188d2acfa775337/drivers/bridge/setup_ip_forwarding.go#L31

The default bridge network is considered a legacy detail of Docker and is not recommended for production use. Configuring it is a manual operation

Not sure what is the meaning of "legacy detail", but the default bridge network is setup automatically and does not require any manual operation.

[thaJeztah]

/cc @arkodg

[docker-robott]

There hasn't been any activity on this issue for a long time. If the problem is still relevant, add a comment on this issue. If not, this issue will be closed in 14 days.

Mark the issue as fresh with a /remove-lifecycle stale comment. Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

[thaJeztah]

.

[docker-robott]

/lifecycle frozen