Clarify firewall docs on behavior with host network containers

Change-type: patch Signed-off-by: Christina Ying Wang <christina@balena.io>
2025-04-05 18:36:43 +00:00 · 2025-03-25 13:09:01 -07:00 · 2025-03-25 13:09:01 -07:00 · caed4dcca0
commit caed4dcca0
parent 7efdeea0f7
1 changed files with 4 additions and 4 deletions
--- a/docs/firewall.md
+++ b/docs/firewall.md
@ -8,10 +8,10 @@ To switch between firewall modes, the `HOST_FIREWALL_MODE` (with `BALENA_` or le

 > [!NOTE] Configuration variables defined in the dashboard will not apply to devices in local mode.

-| Mode | Description                                                                                                                                                 |
-| ---- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| on   | Only traffic for core services provided by balena and containers on the host network are allowed.                                                           |
-| off  | All network traffic is allowed.                                                                                                                             |
+| Mode | Description |
+| ---- | ----------- |
+| on   | Only traffic for core services provided by balena are allowed. Any other ports, including those used by containers with host networking, are blocked unless explicitly configured. |
+| off  | All network traffic is allowed. |
 | auto | If there _are_ host network services, behaves as if `FIREWALL_MODE` = `on`. If there _aren't_ host network services, behaves as if `FIREWALL_MODE` = `off`. |

 ## Issues