✦ For everyone, free.

Practical knowledge for real and everyday life

Home

19.3.2.3 Prune Unused Networks

A focused guide to Prune Unused Networks, connecting core concepts with practical Docker and container operations.

When docker system prune runs, it includes the removal of unused Docker networks as one of its cleanup operations. Docker networks accumulate over time when services are torn down, Docker Compose stacks are removed, or custom networks are created and abandoned without being explicitly deleted. Unused networks do not consume significant disk space on their own, but they do consume kernel network namespaces, Linux bridge interfaces, iptables rules, and network namespace file descriptors, which can contribute to resource exhaustion on hosts running many services.

What Counts as an Unused Network

A Docker network is considered unused when no running container is currently connected to it. Stopped containers that were previously connected do not count — only actively running container connections determine whether a network is in use.

The three default Docker networks are never removed by pruning:

  • bridge: The default bridge network for containers started without a --network flag.
  • host: Shares the host network stack.
  • none: Provides no network connectivity.

All user-created networks (custom bridge networks, overlay networks, macvlan networks) are eligible for pruning if no running container is connected to them.

How Unused Networks Accumulate

  • Docker Compose stacks: When you run docker compose down, Compose removes the containers and the network it created. However, if containers are stopped individually with docker stop rather than through docker compose down, the Compose-created network remains.
  • Manual network creation: Networks created with docker network create that are no longer in active use remain until explicitly removed.
  • Partially torn-down services: When some containers in a stack are removed but others remain stopped, the network connecting them persists.
  • Development iteration: Networks created for testing or experimentation that were never cleaned up.

Pruning Unused Networks via docker system prune

docker system prune includes network pruning as part of its default operation:

docker system prune

The output lists deleted networks:

Deleted Networks:
my_old_app_network
test_backend_network
staging_compose_default

No separate flag is needed to include network cleanup — it is part of the standard docker system prune behavior.

Pruning Only Networks

To prune unused networks without touching containers, images, volumes, or build cache:

docker network prune

Docker prompts for confirmation:

WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N]

After confirmation, it lists all deleted network names.

To skip the confirmation:

docker network prune --force

Filtering by Age

To remove only networks that have had no connected containers for longer than a specified duration:

docker network prune --filter "until=48h"

This leaves recently created or recently disconnected networks intact while removing older ones.

Filtering by Label

To prune only networks that carry a specific label:

docker network prune --filter "label=environment=test"

This allows selective cleanup in environments where networks from different projects or environments coexist on the same host.

Verifying Networks Before Pruning

To see all networks on the host before pruning:

docker network ls

To identify which networks have no connected containers:

docker network ls --filter dangling=true

--filter dangling=true returns networks that have no active endpoints — equivalent to the networks that would be removed by a prune.

To inspect a specific network and see its connected containers:

docker network inspect my_network

The Containers section of the inspect output shows which containers are currently connected. An empty Containers object confirms the network is unused.

What Happens After Network Removal

Removing a network:

  • Deletes the Linux bridge interface (for bridge-type networks) from the host.
  • Removes associated iptables rules that Docker created for the network.
  • Frees the network namespace and all associated kernel resources.
  • Stops any Docker-managed DNS resolution for container names that was scoped to that network.

Previously connected containers that are still running will have lost network connectivity within the removed network's scope. However, since pruning only removes networks with zero running connections, this scenario does not arise during a standard prune operation.

Re-creating Pruned Networks

If a pruned network is needed again, it can be re-created:

docker network create my_network

For Docker Compose-managed networks, running docker compose up recreates the network automatically. Container connections within the new network work as normal.

Related content