@@ -11,16 +11,29 @@ aliases:
1111- /network/drivers/bridge/
1212---
1313
14+ A Docker bridge network has an IPv4 subnet and, optionally, an IPv6 subnet.
15+ Each container connected to the bridge network has a network interface with
16+ addresses in the network's subnets. By default, it:
17+ - Allows unrestricted network access to containers in the network from
18+ the host, and from other containers connected to the same bridge network.
19+ - Blocks access from containers in other networks and from outside the
20+ Docker host.
21+ - Uses masquerading to give containers external network access. Devices on
22+ the host's external networks only see the IP address of the Docker host.
23+ - Supports port publishing, where network traffic is forwarded between
24+ container ports and ports on host IP addresses. The published ports
25+ can be accessed from outside the Docker host, on its IP addresses.
26+
1427In terms of networking, a bridge network is a Link Layer device
1528which forwards traffic between network segments. A bridge can be a hardware
1629device or a software device running within a host machine's kernel.
1730
1831In terms of Docker, a bridge network uses a software bridge which lets
1932containers connected to the same bridge network communicate, while providing
20- isolation from containers that aren't connected to that bridge network. The
21- Docker bridge driver automatically installs rules in the host machine so that
22- containers on different bridge networks can't communicate directly with each
23- other.
33+ isolation from containers that aren't connected to that bridge network. By
34+ default, the Docker bridge driver automatically installs rules in the host
35+ machine so that containers connected to different bridge networks can only
36+ communicate with each other using published ports .
2437
2538Bridge networks apply to containers running on the same Docker daemon host.
2639For communication among containers running on different Docker daemon hosts, you
0 commit comments