Merge pull request #2413 from balena-os/clarify-firewall-docs-on-host-network-containers

Clarify firewall docs on behavior with host network containers
2025-03-31 16:10:36 +00:00 · 2025-03-25 13:40:28 -07:00 · 2025-03-25 13:40:28 -07:00 · 623a1638c1
commit 623a1638c1
parent 7efdeea0f7 caed4dcca0
1 changed files with 4 additions and 4 deletions
--- a/docs/firewall.md
+++ b/docs/firewall.md
@ -8,10 +8,10 @@ To switch between firewall modes, the `HOST_FIREWALL_MODE` (with `BALENA_` or le

 > [!NOTE] Configuration variables defined in the dashboard will not apply to devices in local mode.

-| Mode | Description                                                                                                                                                 |
-| ---- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| on   | Only traffic for core services provided by balena and containers on the host network are allowed.                                                           |
-| off  | All network traffic is allowed.                                                                                                                             |
+| Mode | Description |
+| ---- | ----------- |
+| on   | Only traffic for core services provided by balena are allowed. Any other ports, including those used by containers with host networking, are blocked unless explicitly configured. |
+| off  | All network traffic is allowed. |
 | auto | If there _are_ host network services, behaves as if `FIREWALL_MODE` = `on`. If there _aren't_ host network services, behaves as if `FIREWALL_MODE` = `off`. |

 ## Issues