diff options
author | Brent Baude <bbaude@redhat.com> | 2020-02-21 13:06:58 -0600 |
---|---|---|
committer | Brent Baude <bbaude@redhat.com> | 2020-02-21 13:06:58 -0600 |
commit | a86f3e88d0b4b7d57fad75453474523c1f29f07d (patch) | |
tree | 17fbd884f938be3031e46a22c64fa01ccff84508 | |
parent | 75ea3b67c6a5c3b6a3e4b7f5ae173c09c8e9c2d5 (diff) | |
download | podman-a86f3e88d0b4b7d57fad75453474523c1f29f07d.tar.gz podman-a86f3e88d0b4b7d57fad75453474523c1f29f07d.tar.bz2 podman-a86f3e88d0b4b7d57fad75453474523c1f29f07d.zip |
disable generation of cni firewall plugin
it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables.
also removing this from the default configuration file
Signed-off-by: Brent Baude <bbaude@redhat.com>
-rw-r--r-- | cni/87-podman-bridge.conflist | 4 | ||||
-rw-r--r-- | pkg/adapter/network.go | 1 |
2 files changed, 0 insertions, 5 deletions
diff --git a/cni/87-podman-bridge.conflist b/cni/87-podman-bridge.conflist index 39e79b13c..cd01b97ce 100644 --- a/cni/87-podman-bridge.conflist +++ b/cni/87-podman-bridge.conflist @@ -27,10 +27,6 @@ } }, { - "type": "firewall", - "backend": "iptables" - }, - { "type": "tuning" } ] diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go index b25f54a13..c5bd91534 100644 --- a/pkg/adapter/network.go +++ b/pkg/adapter/network.go @@ -209,7 +209,6 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) ( bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig) plugins = append(plugins, bridge) plugins = append(plugins, network.NewPortMapPlugin()) - plugins = append(plugins, network.NewFirewallPlugin()) // if we find the dnsname plugin, we add configuration for it if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS { // Note: in the future we might like to allow for dynamic domain names |