aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrent Baude <bbaude@redhat.com>2020-02-21 13:06:58 -0600
committerBrent Baude <bbaude@redhat.com>2020-02-21 13:06:58 -0600
commita86f3e88d0b4b7d57fad75453474523c1f29f07d (patch)
tree17fbd884f938be3031e46a22c64fa01ccff84508
parent75ea3b67c6a5c3b6a3e4b7f5ae173c09c8e9c2d5 (diff)
downloadpodman-a86f3e88d0b4b7d57fad75453474523c1f29f07d.tar.gz
podman-a86f3e88d0b4b7d57fad75453474523c1f29f07d.tar.bz2
podman-a86f3e88d0b4b7d57fad75453474523c1f29f07d.zip
disable generation of cni firewall plugin
it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables. also removing this from the default configuration file Signed-off-by: Brent Baude <bbaude@redhat.com>
-rw-r--r--cni/87-podman-bridge.conflist4
-rw-r--r--pkg/adapter/network.go1
2 files changed, 0 insertions, 5 deletions
diff --git a/cni/87-podman-bridge.conflist b/cni/87-podman-bridge.conflist
index 39e79b13c..cd01b97ce 100644
--- a/cni/87-podman-bridge.conflist
+++ b/cni/87-podman-bridge.conflist
@@ -27,10 +27,6 @@
}
},
{
- "type": "firewall",
- "backend": "iptables"
- },
- {
"type": "tuning"
}
]
diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go
index b25f54a13..c5bd91534 100644
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@@ -209,7 +209,6 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (
bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
plugins = append(plugins, bridge)
plugins = append(plugins, network.NewPortMapPlugin())
- plugins = append(plugins, network.NewFirewallPlugin())
// if we find the dnsname plugin, we add configuration for it
if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {
// Note: in the future we might like to allow for dynamic domain names