add iptables=false to docs for multiple daemons

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 1255e53e2890149df3c919af7aac88237069e1bb
Component: engine

components/engine/docs/reference/commandline/dockerd.md

@@ -1154,6 +1154,7 @@ The following daemon options must be configured for each daemon:
 -g, --graph=/var/lib/docker            Root of the Docker runtime
 -p, --pidfile=/var/run/docker.pid      Path to use for daemon PID file
 -H, --host=[]                          Daemon socket(s) to connect to
+--iptables=true                        Enable addition of iptables rules
 --config-file=/etc/docker/daemon.json  Daemon configuration file
 --tlscacert="~/.docker/ca.pem"         Trust certs signed only by this CA
 --tlscert="~/.docker/cert.pem"         Path to TLS certificate file
@@ -1172,6 +1173,10 @@ set this parameter separately for each daemon.
 - `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your
 pid file here.
 - `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`.
+- `--iptables=false` prevents the Docker daemon from adding iptables rules. If
+  multiple daemons manage iptables rules, they may overwrite rules set by
+  another daemon. Be aware that disabling this option requires you to manually
+  add iptables rules to expose container ports.
 - `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of
 daemon flags. Specify the path for each daemon.
 - `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections.