From 81b482ea5e12e970f4ab4fd8eb71caeff8b52003 Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Tue, 9 Apr 2024 12:57:15 +0200
Subject: [PATCH] docs: clarify that --data-path-addr doesn't restrict access

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit faf096b25cb7acec4855a7d14c81da43365aad0f)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
 docs/reference/commandline/swarm_init.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md
index 990bd15d9bb7..29897e8d0379 100644
--- a/docs/reference/commandline/swarm_init.md
+++ b/docs/reference/commandline/swarm_init.md
@@ -117,6 +117,12 @@ data traffic from the management traffic of the cluster.
 
 If unspecified, the IP address or interface of the advertise address is used.
 
+Setting `--data-path-addr` does not restrict which interfaces or source IP
+addresses the VXLAN socket is bound to. Similar to `--advertise-addr`, the
+purpose of this flag is to inform other members of the swarm about which
+address to use for control plane traffic. To restrict access to the VXLAN port
+of the node, use firewall rules.
+
 ### <a name="data-path-port"></a> Configure port number for data traffic (--data-path-port)
 
 The `--data-path-port` flag allows you to configure the UDP port number to use