Explain how to use "network connect --driver-opt" to set sysctls

Signed-off-by: Rob Murray <rob.murray@docker.com>
docker · May 8, 2024 · f4cef3e · f4cef3e
1 parent 8570197
commit f4cef3e
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md
@@ -65,6 +65,22 @@ being connected to.
 $ docker network connect --alias db --alias mysql multi-host-network container2
 ```
 
+### <a name="sysctl"></a> Set sysctls for a container's interface (--driver-opt)
+
+`sysctl` settings that start with `net.ipv4.` and `net.ipv6.` can be set per-interface
+using `--driver-opt` label `com.docker.network.endpoint.sysctls`. The `net.` prefix and
+the name of the interface must not be included. To set more than one `sysctl` for an
+interface, repeat the `driver-opt`. Network drivers may restrict the sysctl settings
+that can be modified and, to protect the operation of the network, new restrictions
+may be added in the future.
+
+For example, if the interface to `my-net` is given name `eth3`, the following example
+sets `net.ipv4.conf.eth3.log_martians=1` and `net.ipv4.conf.eth3.forwarding=0`.
+
+```console
+$ docker network connect --driver-opt ipv4.conf.log_martians=1 --driver-opt ipv4.conf.forwarding=0 multi-host-network container2
+```
+
 ### Network implications of stopping, pausing, or restarting containers
 
 You can pause, restart, and stop containers that are connected to a network.