podman-network-create - Man Page

Create a Podman network


podman network create  [options] [name]


Create a network configuration for use with Podman. By default, Podman creates a bridge connection. A Macvlan connection can be created with the -d macvlan option. A parent device for macvlan or ipvlan can be designated with the -o parent=<device> or --network-interface=<device> option.

If no options are provided, Podman will assign a free subnet and name for the network.

Upon completion of creating the network, Podman will display the name of the newly added network.

NOTE: The support for the network name pasta is deprecated and will be removed in the next major release because it is used as a special network mode in podman run/create --network.



Disables the DNS plugin for this network which if enabled, can perform container to container name resolution. It is only supported with the bridge driver, for other drivers it will be always disabled.


Set network-scoped DNS resolver/nameserver for containers in this network. If not set, the host servers from /etc/resolv.conf will be used.  It can be overwritten on the container level with the podman run/create --dns option. This option can be specified multiple times to set more than one IP.

--driver, -d=driver

Driver to manage the network. Currently bridge, macvlan and ipvlan are supported. Defaults to bridge. As rootless the macvlan and ipvlan driver have no access to the host network interfaces because rootless networking requires a separate network namespace.

The netavark backend allows the use of so called netavark plugins, see the plugin-API.md documentation in netavark. The binary must be placed in a specified directory so podman can discover it, this list is set in netavark_plugin_dirs in containers.conf(5) under the [network] section.

The name of the plugin can then be used as driver to create a network for your plugin. The list of all supported drivers and plugins can be seen with podman info --format {{.Plugins.Network}}.


Define a gateway for the subnet. To provide a gateway address, a subnet option is required. Can be specified multiple times. The argument order of the --subnet, --gateway and --ip-range options must match.


Ignore the create request if a network with the same name already exists instead of failing. Note, trying to create a network with an existing name and different parameters, will not change the configuration of the existing one


This option maps the the network_interface option in the network config, see podman network inspect. Depending on the driver this can have different effects, for bridge it will be the bridge interface name. For macvlan and ipvlan this will be the parent device on the host. It is the same as --opt parent=....


Restrict external access of this network. Note when using this option, the dnsname plugin will be automatically disabled.


Allocate container IP from a range.  The range must be a complete subnet and in CIDR notation.  The ip-range option must be used with a subnet option. Can be specified multiple times. The argument order of the --subnet, --gateway and --ip-range options must match.


Set the ipam driver (IP Address Management Driver) for the network. When unset podman will choose an ipam driver automatically based on the network driver.

Valid values are:

  • dhcp: IP addresses are assigned from a dhcp server on the network. This driver is not yet supported with netavark. For CNI the dhcp plugin needs to be activated before.
  • host-local: IP addresses are assigned locally.
  • none: No ip addresses are assigned to the interfaces.

View the driver in the podman network inspect output under the ipam_options field.


Enable IPv6 (Dual Stack) networking. If not subnets are given it will allocate an ipv4 and an ipv6 subnet.


Set metadata for a network (e.g., --label mykey=value).

--opt, -o=option

Set driver specific options.

All drivers accept the mtu and metric options.

  • mtu: Sets the Maximum Transmission Unit (MTU) and takes an integer value.
  • metric Sets the Route Metric for the default route created in every container joined to this network. Accepts a positive integer value. Can only be used with the Netavark network backend.

Additionally the bridge driver supports the following options:

  • vlan: This option assign VLAN tag and enables vlan_filtering. Defaults to none.
  • isolate: This option isolates networks by blocking traffic between those that have this option enabled.
  • com.docker.network.bridge.name: This option assigns the given name to the created Linux Bridge
  • com.docker.network.driver.mtu: Sets the Maximum Transmission Unit (MTU) and takes an integer value.

The macvlan and ipvlan driver support the following options:

  • parent: The host device which should be used for the macvlan interface. Defaults to the default route interface.
  • mode: This option sets the specified ip/macvlan mode on the interface.

    • Supported values for macvlan are bridge, private, vepa, passthru. Defaults to bridge.
    • Supported values for ipvlan are l2, l3, l3s. Defaults to l2.


The subnet in CIDR notation. Can be specified multiple times to allocate more than one subnet for this network. The argument order of the --subnet, --gateway and --ip-range options must match. This is useful to set a static ipv4 and ipv6 subnet.


Create a network with no options.

$ podman network create

Create a network named newnet that uses for its subnet.

$ podman network create --subnet newnet

Create an IPv6 network named newnetv6 with a subnet of 2001:db8::/64.

$ podman network create --subnet 2001:db8::/64 --ipv6 newnetv6

Create a network named newnet that uses and defines a gateway as

$ podman network create --subnet --gateway newnet

Create a network that uses a *** subnet and has an IP address range of -

$ podman network create --subnet --ip-range

Create a network with a static ipv4 and ipv6 subnet and set a gateway.

$ podman network create --subnet --gateway --subnet fd52:2a5a:747e:3acd::/64 --gateway fd52:2a5a:747e:3acd::10

Create a Macvlan based network using the host interface eth0. Macvlan networks can only be used as root.

$ sudo podman network create -d macvlan -o parent=eth0 --subnet newnet

See Also

podman(1), podman-network(1), podman-network-inspect(1), podman-network-ls(1), containers.conf(5)


August 2021, Updated with the new network format by Paul Holzinger pholzing@redhat.com ⟨mailto:pholzing@redhat.com⟩

August 2019, Originally compiled by Brent Baude bbaude@redhat.com ⟨mailto:bbaude@redhat.com⟩

Referenced By

podman-kube-play(1), podman-network(1), podman-network-inspect(1), podman-network-ls(1), podman-systemd.unit(5).