Add 'docker-forwarding' policy to firewalld description.

robmry · robmry · commit 506bd33f203a · 2024-05-07T14:32:38.000+01:00
Signed-off-by: Rob Murray &lt;rob.murray@docker.com&gt;
diff --git a/content/network/packet-filtering-firewalls.md b/content/network/packet-filtering-firewalls.md
@@ -157,9 +157,13 @@ $ docker network create mybridge \
 
 If you are running Docker with the `iptables` option set to `true`, and
 [firewalld](https://firewalld.org) is enabled on your system, Docker
-automatically creates a `firewalld` zone called `docker` and inserts all the
-network interfaces it creates (for example, `docker0`) into the `docker` zone
-to allow seamless networking.
+automatically creates a `firewalld` zone called `docker`, with target `ACCEPT`.
+
+All network interfaces created by Docker (for example, `docker0`) are inserted
+into the `docker` zone.
+
+Docker also creates a forwarding policy called `docker-forwarding` that allows
+forwarding from `ANY` zone to the `docker` zone.
 
 ## Docker and ufw
 
