Features of User-Defined Bridge Networks and Options

Using a user-defined network provides a scoped network in which only containers attached to that network are able to communicate. - **Containers can be attached and detached from user-defined networks on the fly**. During a container's lifetime, you can connect or disconnect it from user-defined networks on the fly. To remove a container from the default bridge network, you need to stop the container and recreate it with different network options. - **Each user-defined network creates a configurable bridge**. If your containers use the default bridge network, you can configure it, but all the containers use the same settings, such as MTU and `iptables` rules. In addition, configuring the default bridge network happens outside of Docker itself, and requires a restart of Docker. User-defined bridge networks are created and configured using `docker network create`. If different groups of applications have different network requirements, you can configure each user-defined bridge separately, as you create it. - **Linked containers on the default bridge network share environment variables**. Originally, the only way to share environment variables between two containers was to link them using the [`--link` flag](../links.md). This type of variable sharing isn't possible with user-defined networks. However, there are superior ways to share environment variables. A few ideas: - Multiple containers can mount a file or directory containing the shared information, using a Docker volume. - Multiple containers can be started together using `docker-compose` and the compose file can define the shared variables. - You can use swarm services instead of standalone containers, and take advantage of shared [secrets](/manuals/engine/swarm/secrets.md) and [configs](/manuals/engine/swarm/configs.md). Containers connected to the same user-defined bridge network effectively expose all ports to each other. For a port to be accessible to containers or non-Docker hosts on different networks, that port must be _published_ using the `-p` or `--publish` flag. ## Options The following table describes the driver-specific options that you can pass to `--opt` when creating a custom network using the `bridge` driver. | Option | Default | Description | |-------------------------------------------------------------------------------------------------|-----------------------------|-----------------------------------------------------------------------------------------------------| | `com.docker.network.bridge.name` | | Interface name to use when creating the Linux bridge. | | `com.docker.network.bridge.enable_ip_masquerade` | `true` | Enable IP masquerading. | | `com.docker.network.bridge.gateway_mode_ipv4`<br/>`com.docker.network.bridge.gateway_mode_ipv6` | `nat` | Control external connectivity. See [Packet filtering and firewalls](packet-filtering-firewalls.md). | | `com.docker.network.bridge.enable_icc` | `true` | Enable or Disable inter-container connectivity. | | `com.docker.network.bridge.host_binding_ipv4` | all IPv4 and IPv6 addresses | Default IP when binding container ports. | | `com.docker.network.driver.mtu` | `0` (no limit) | Set the containers network Maximum Transmission Unit (MTU). |

This section details advantages of user-defined bridge networks in Docker, like dynamic container attachment/detachment and configurable bridges. It also mentions how linked containers on the default bridge share environment variables, but user-defined networks require alternative sharing methods like volumes or Docker Compose. Containers on the same user-defined bridge expose all ports internally, with external access requiring port publishing. The section then lists driver-specific options for creating custom bridge networks, including interface name, IP masquerading, gateway mode, inter-container connectivity, host binding IP, and MTU setting.