@@ -11,16 +11,25 @@ aliases:
1111- /network/drivers/bridge/
1212---
1313
14- In terms of networking, a bridge network is a Link Layer device
15- which forwards traffic between network segments. A bridge can be a hardware
16- device or a software device running within a host machine's kernel.
14+ A Docker bridge network has an IPv4 subnet and, optionally, an IPv6 subnet.
15+ Each container connected to the bridge network has a network interface with
16+ addresses in the network's subnets. By default, it:
17+ - Allows unrestricted network access to containers in the network from
18+ the host, and from other containers connected to the same bridge network.
19+ - Blocks access from containers in other networks and from outside the
20+ Docker host.
21+ - Uses masquerading to give containers external network access. Devices on
22+ the host's external networks only see the IP address of the Docker host.
23+ - Supports port publishing, where network traffic is forwarded between
24+ container ports and ports on host IP addresses. The published ports
25+ can be accessed from outside the Docker host, on its IP addresses.
1726
1827In terms of Docker, a bridge network uses a software bridge which lets
1928containers connected to the same bridge network communicate, while providing
20- isolation from containers that aren't connected to that bridge network. The
21- Docker bridge driver automatically installs rules in the host machine so that
22- containers on different bridge networks can't communicate directly with each
23- other.
29+ isolation from containers that aren't connected to that bridge network. By
30+ default, the Docker bridge driver automatically installs rules in the host
31+ machine so that containers connected to different bridge networks can only
32+ communicate with each other using published ports .
2433
2534Bridge networks apply to containers running on the same Docker daemon host.
2635For communication among containers running on different Docker daemon hosts, you
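Review bot: The second bullet of the new list (new lines 19-20) says the network "Blocks access from containers in other networks and from outside the Docker host", but the rewritten paragraph at new lines 29-32 says containers on different bridge networks can communicate using published ports, and the last bullet says published ports are reachable from outside the host. Qualify the bullet so the two statements agree, for example by ending it with "except through published ports". In the same list, "By default, it:" at new line 16 has an unclear antecedent, since the nearest nouns are the container and its interface; "By default, the network:" would read unambiguously. With the "In terms of networking" paragraph removed, the opening "In terms of Docker," at new line 27 no longer contrasts with anything and can be dropped. There is also a stray space before the full stop in "published ports ." at new line 32.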