docs: clarify ARP flux sysctl limitations with host networking

Meatloaf-bot
2026-03-09 19:27:40 -04:00
parent a60ec9ed3a
commit 93fc126da2
3 changed files with 32 additions and 1 deletions


@@ -30,6 +30,14 @@ services:
- CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges
- SETUID # Required for root-entrypoint to switch to non-root user
- SETGID # Required for root-entrypoint to switch to non-root group
# --- ARP FLUX MITIGATION ---
# Note: If running in `network_mode: host`, modern Docker/runc will correctly
# block sysctl overrides via the container configuration to prevent
# unauthorized changes to the host's global kernel settings.
#
# If using host networking, REMOVE the sysctls block below and apply
# settings directly on your Host OS instead (sudo sysctl -w ...).
# ---------------------------
sysctls: # ARP flux mitigation (reduces duplicate/ambiguous ARP behavior on host networking)
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
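Review bot: The trailing comment on `sysctls:` still says the mitigation applies "on host networking", which now contradicts the block added directly above it that tells the reader to remove `sysctls` under `network_mode: host`; the hunk leaves that context line untouched. Suggest rewording it to `sysctls: # ARP flux mitigation for the container's own network namespace (see note above)` so the two comments agree. The added note also says runc will "block" the override, which reads as if the values are silently dropped; as far as I know runc rejects `net.*` sysctls in the host network namespace with an error at container create, so the practical outcome is that the service fails to start rather than starting without them, and the comment would be clearer if it said so. Finally, `sudo sysctl -w` is not persistent across reboots, so the host-side instruction could point at a drop-in under `/etc/sysctl.d/` as the durable equivalent. The `services:` entry this hunk belongs to starts before the hunk.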