engine/networking overhaul

.github/vale/Vocab/Technology/accept.txt

@@ -3,9 +3,9 @@ CVEs?
 DHCP
 DNS
 Ethernet
+GPG
 GRUB
 Git
-GPG
 HTTP
 IPs?
 IPv[46]
@@ -56,6 +56,7 @@ stdout
 subnet
 swappable
 systemd
+ufw
 umask
 ungated
 virtiofs

_data/engine-cli/docker_service_create.yaml

@@ -1585,7 +1585,7 @@ examples: |-
     The swarm extends my-network to each node running the service.
 
     Containers on the same network can access each other using
-    [service discovery](/network/overlay/#container-discovery).
+    [service discovery](/network/drivers/overlay/#container-discovery).
 
     Long form syntax of `--network` allows to specify list of aliases and driver options:
     `--network name=my-network,alias=web1,driver-opt=field1=value1`

_data/glossary.yaml

@@ -233,7 +233,7 @@ service: |
 service account: |
   A service account is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and do not share Docker IDs with the members in a Docker Team or Docker Business subscription plan.
 service discovery: |
-  Swarm mode [container discovery](/network/overlay/#container-discovery) is a DNS component internal to the swarm that automatically assigns each service on an overlay network in the swarm a VIP and DNS entry. Containers on the network share DNS mappings for the service through gossip so any container on the network can access the service through its service name.
+  Swarm mode [container discovery](/network/drivers/overlay/#container-discovery) is a DNS component internal to the swarm that automatically assigns each service on an overlay network in the swarm a VIP and DNS entry. Containers on the network share DNS mappings for the service through gossip so any container on the network can access the service through its service name.
 
   You don’t need to expose service-specific ports to make the service available to other services on the same overlay network. The swarm’s internal load balancer automatically distributes requests to the service VIP among the active tasks.
 swarm: |

_data/toc.yaml

@@ -1350,22 +1350,28 @@ manuals:
     section:
     - path: /network/
       title: Overview
-    - path: /config/containers/container-networking/
-      title: Container networking
+    - sectiontitle: Network drivers
+      section:
+      - path: /network/drivers/
+        title: Overview
+      - path: /network/drivers/bridge/
+        title: Bridge
+      - path: /network/drivers/overlay/
+        title: Overlay
+      - path: /network/drivers/host/
+        title: Host
+      - path: /network/drivers/ipvlan/
+        title: IPvlan
+      - path: /network/drivers/macvlan/
+        title: Macvlan
+      - path: /network/drivers/none/
+        title: None (no networking)
     - path: /network/proxy/
       title: Configure Docker to use a proxy server
-    - path: /network/bridge/
-      title: Bridge networks
-    - path: /network/overlay/
-      title: Overlay networks
-    - path: /network/host/
-      title: Host networking
-    - path: /network/ipvlan/
-      title: IPvlan networks
-    - path: /network/macvlan/
-      title: Macvlan networks
-    - path: /network/none/
-      title: Disable networking for a container
+    - path: /network/packet-filtering-firewalls/
+      title: Packet filtering and firewalls
+    - path: /config/daemon/ipv6/
+      title: Use IPv6
     - sectiontitle: Networking tutorials
       section:
       - path: /network/network-tutorial-standalone/
@@ -1548,14 +1554,10 @@ manuals:
         title: Configuration overview
       - path: /config/daemon/systemd/
         title: Configure with systemd
-      - path: /config/daemon/ipv6/
-        title: Use IPv6
       - path: /config/containers/live-restore/
         title: Keep containers alive during daemon downtime
       - path: /config/daemon/troubleshoot/
         title: Troubleshoot
-      - path: /network/iptables/
-        title: Docker and iptables
       - path: /config/daemon/remote-access/
         title: Remote access
       - path: /engine/context/working-with-contexts/