Skip to content

Commit 276aca1

Browse files
committed
docs(portfwd): document disabling forwarding
Signed-off-by: Rowan Stein <rowan.stein@agyn.io> Signed-off-by: Benkovichnikita <benkovich@agyn.io> Signed-off-by: Casey Quinn <casey.quinn@agyn.io>
1 parent a19ee94 commit 276aca1

File tree

2 files changed

+23
-5
lines changed

2 files changed

+23
-5
lines changed

templates/default.yaml

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -327,7 +327,7 @@ minimumLimaVersion: 2.0.0
327327
# EXPERIMENTAL
328328
# Default settings can be imported from base templates. These will be merged in when the instance
329329
# is created, and the combined template is stored in the instance directory.
330-
# This setting can be either a single string (URL), or a list of locators.
330+
# This setting ca be either a single string (URL), or a list of locators.
331331
# A locator is again either a string (URL), or an object with "url" and "digest" properties, e.g.
332332
# base: [{url: ./base.yaml, digest: decafbad}, …]
333333
# The "digest" property is currently unused.
@@ -489,9 +489,13 @@ networks:
489489
# # default: guestPortRange: [1, 65535]
490490
# # default: hostPortRange: [1, 65535]
491491
#
492-
# - guestIP: 0.0.0.0 # otherwise defaults to 127.0.0.1
493-
# proto: any # tcp and udp
494-
# ignore: true # don't forward these ports (guestPortRange, in this case 1-65535)
492+
# To disable all dynamic TCP/UDP forwarding (while keeping SSH available via `limactl shell`),
493+
# use a single ignore rule.
494+
# portForwards:
495+
# - guestIP: 0.0.0.0
496+
# guestIPMustBeZero: false # ensures 0.0.0.0 matches any guest interface
497+
# proto: any
498+
# ignore: true
495499
#
496500
# - guestPort: 7443
497501
# guestIP: "0.0.0.0" # Will match *any* interface

website/content/en/docs/config/port.md

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -129,4 +129,18 @@ The benchmark result, especially the throughput of vzNAT, highly depends on the
129129
- Hardware: MacBook Pro 2024 (M4 Max, 128 GiB)
130130

131131
</p>
132-
</details>
132+
</details>
133+
134+
## Disable all port forwarding
135+
136+
To disable all dynamic TCP and UDP port forwarding, add a single ignore rule to your instance configuration. SSH access via `limactl shell` continues to work.
137+
138+
```yaml
139+
portForwards:
140+
- guestIP: 0.0.0.0
141+
guestIPMustBeZero: false
142+
proto: any
143+
ignore: true
144+
```
145+
146+
On Lima versions prior to 2.0, omit the `guestIPMustBeZero` field (the rule still works without it).

0 commit comments

Comments
 (0)