Merge pull request #19844 from dvdksn/disambiguate-docker-firewalld-iptables

network: disambiguate which program the iptables option applies to

Author: dvdksn

content/network/packet-filtering-firewalls.md

@@ -155,10 +155,11 @@ $ docker network create mybridge \
 
 ## Integration with firewalld
 
-If you are running Docker with [firewalld](https://firewalld.org)
-on your system with `--iptables` enabled, Docker automatically creates a `firewalld`
-zone called `docker` and inserts all the network interfaces it creates (for example,
-`docker0`) into the `docker` zone to allow seamless networking.
+If you are running Docker with the `iptables` option set to `true`, and
+[firewalld](https://firewalld.org) is enabled on your system, Docker
+automatically creates a `firewalld` zone called `docker` and inserts all the
+network interfaces it creates (for example, `docker0`) into the `docker` zone
+to allow seamless networking.
 
 ## Docker and ufw
 
@@ -172,4 +173,4 @@ container gets diverted before it goes through the ufw firewall settings.
 Docker routes container traffic in the `nat` table, which means that packets
 are diverted before it reaches the `INPUT` and `OUTPUT` chains that ufw uses.
 Packets are routed before the firewall rules can be applied,
-effectively ignoring your firewall configuration.
+effectively ignoring your firewall configuration.