Created container with compose has completely broken the host machine

I edited my docker compose on portainer and added network_mode: "host". Now my entire host machine is inaccessible via ssh or ping. Any ideas on what I can do? I'd love to provide logs but the machine is totally inaccessible.

With host network mode you give the container full rights over listening on any public port.

But it should not really influence SSH and ping, as already running processes usually listen on those ports and no new process can take them over.

Have you tried a restart?

Multiple times, container failed to create when I made that change and I lost connectivity right after that.

So the container is not even running to mess up the system? Maybe the disk is full?

Any emergency/recovery access? We can start our systems with an emergency OS, mount the real disk and make changes.

I’ve just plugged a monitor into the system and the container that I made is not in the list. Seems like it only broke the networking

The disk has well over 300 GB free. All I know is I added ONE line into the docker compose, and as soon as I pressed ENTER the ssh connection dropped and would not come back. I restarted it, waited 5 minutes and it still wouldn't connect, then I went to ping and it pings.

This setting makes the container use the network namespace of the host (as in the absence of network namespace isolation), and the process behaves network-wise like any process that runs directly on the host.

You need to be careful with containers that use network_mode: host and privileged: true or cap_add: [NET_ADMIN], as changes applied to network interfaces or iptables rules inside such a container will affect the whole system, and not just the container itself. Though, if neither privileged: true nor cap_add: [NET_ADMIN] is specified, the container should not be able to modify the host network interfaces.

Do you remember what other options you used when creating the container? If for example the container mounted a file or folder from the host which is related to network, it could break the network without even the host mode being involved. Then you have to restore those files.
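
As an added example that is not part of the original thread: a small Python check over `docker inspect` output that flags the two conditions described above, host networking combined with privileged or NET_ADMIN, and writable bind mounts of host network configuration. The NET_PATHS list and the sample containers are assumptions constructed for illustration.

```python
import json

# Assumed, illustrative list of host paths holding network configuration
# (not from the thread); adjust for the distribution in use.
NET_PATHS = ("/etc/netplan", "/etc/network", "/etc/systemd/network",
             "/etc/NetworkManager", "/etc/resolv.conf")

def audit(container):
    """Return (level, message) findings for one `docker inspect` object."""
    hc = container.get("HostConfig") or {}
    caps = {c.upper() for c in (hc.get("CapAdd") or [])}
    net_admin = bool(caps & {"NET_ADMIN", "CAP_NET_ADMIN", "ALL"})
    findings = []
    if hc.get("NetworkMode") == "host":
        if hc.get("Privileged") or net_admin:
            why = "privileged" if hc.get("Privileged") else "NET_ADMIN"
            findings.append(("HIGH", f"host network + {why}: interface and "
                             "iptables changes apply to the whole host"))
        else:
            findings.append(("INFO", "host network, no NET_ADMIN: shares host "
                             "ports but cannot reconfigure interfaces"))
    for m in container.get("Mounts") or []:
        src = m.get("Source", "")
        hit = any(src == p or src.startswith(p + "/") for p in NET_PATHS)
        if m.get("Type") == "bind" and m.get("RW") and hit:
            findings.append(("HIGH", f"writable bind mount of {src}"))
    return findings

def audit_all(inspect_json):
    """Map container name -> findings for `docker inspect` JSON array text."""
    return {c.get("Name", "?").lstrip("/"): audit(c)
            for c in json.loads(inspect_json)}

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/vpn", "HostConfig": {"NetworkMode": "host", "Privileged": False,
                                    "CapAdd": ["NET_ADMIN"]}, "Mounts": []},
    {"Name": "/web", "HostConfig": {"NetworkMode": "host", "Privileged": False,
                                    "CapAdd": None}, "Mounts": []},
    {"Name": "/dns", "HostConfig": {"NetworkMode": "bridge", "Privileged": False,
                                    "CapAdd": None},
     "Mounts": [{"Type": "bind", "Source": "/etc/netplan",
                 "Destination": "/cfg", "RW": True}]},
])

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        for level, msg in found:
            print(f"{level:4} {name}: {msg}")
```

On a real host, pass the text printed by `docker inspect $(docker ps -aq)` to audit_all() in place of SAMPLE.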