From 6176a7686e28b03664041d33eaa92a0ea7f6c126 Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Wed, 23 Jul 2025 11:13:20 +0100
Subject: [PATCH 1/2] dockerd.md: add --bridge-accept-fwmark

Related to https://github.com/moby/moby/commit/cf1695bef13b4eeef71d106a979825aaaed8a79f

Signed-off-by: Rob Murray <rob.murray@docker.com>
---
 docs/reference/dockerd.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/dockerd.md b/docs/reference/dockerd.md
index 1e2b01633c..10bcc2da43 100644
--- a/docs/reference/dockerd.md
+++ b/docs/reference/dockerd.md
@@ -29,6 +29,7 @@ Options:
       --bip string                            IPv4 address for the default bridge
       --bip6 string                           IPv6 address for the default bridge
   -b, --bridge string                         Attach containers to a network bridge
+      --bridge-accept-fwmark string           In bridge networks, accept packets with this firewall mark/mask
       --cdi-spec-dir list                     CDI specification directories to use
       --cgroup-parent string                  Set parent cgroup for all containers
       --config-file string                    Daemon configuration file (default "/etc/docker/daemon.json")
@@ -1070,6 +1071,7 @@ The following is a full example of the allowed configuration options on Linux:
   "bip": "",
   "bip6": "",
   "bridge": "",
+  "bridge-accept-fwmark": "",
   "builder": {
     "gc": {
       "enabled": true,

From 3f0ccd1b71d11772f986ad8217ee9c89ed9a082f Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Wed, 23 Jul 2025 11:26:39 +0100
Subject: [PATCH 2/2] dockerd.md: Add --firewall-backend

Related to https://github.com/moby/moby/commit/39ab39327417e1feebbc48a98748579ff8872e45

Signed-off-by: Rob Murray <rob.murray@docker.com>
---
 docs/reference/dockerd.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/dockerd.md b/docs/reference/dockerd.md
index 10bcc2da43..3af8457251 100644
--- a/docs/reference/dockerd.md
+++ b/docs/reference/dockerd.md
@@ -59,6 +59,7 @@ Options:
       --exec-root string                      Root directory for execution state files (default "/var/run/docker")
       --experimental                          Enable experimental features
       --feature map                           Enable feature in the daemon
+      --firewall-backend string               Firewall backend to use, iptables or nftables
       --fixed-cidr string                     IPv4 subnet for the default bridge network
       --fixed-cidr-v6 string                  IPv6 subnet for the default bridge network
   -G, --group string                          Group for the unix socket (default "docker")
@@ -1122,6 +1123,7 @@ The following is a full example of the allowed configuration options on Linux:
     "cdi": true,
     "containerd-snapshotter": true
   },
+  "firewall-backend": "",
   "fixed-cidr": "",
   "fixed-cidr-v6": "",
   "group": "",