author | Matthew Heon <matthew.heon@gmail.com> | 2018-09-09 13:31:56 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-09-10 18:53:27 +0000 |
commit | d377a5157802ac31427d36a072fbaf1b64614423 (patch) | |
tree | f2b7b06fba54c08a7ddf4bbcff5815c98b371059 /pkg/firewall/iptables.go | |
parent | 9405e3704fae9c30b24ad8807174639005b1db6c (diff) | |
Replace existing iptables handler with firewall code
Use the new firewall code vendored from CNI to replace the
existing iptables rule addition handler we had in place. This
adds proper support for firewalld and should be much better at
interacting with the firewall.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1431
Approved by: baude
Diffstat (limited to 'pkg/firewall/iptables.go')
-rw-r--r-- | pkg/firewall/iptables.go | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/pkg/firewall/iptables.go b/pkg/firewall/iptables.go
index 9f065dbcf..59d81b287 100644
--- a/pkg/firewall/iptables.go
+++ b/pkg/firewall/iptables.go
@@ -51,10 +51,6 @@ func generateFilterRule(privChainName string) []string {
 return []string{"-m", "comment", "--comment", "CNI firewall plugin rules", "-j", privChainName}
 }
 
-func generateAdminRule(adminChainName string) []string {
- return []string{"-m", "comment", "--comment", "CNI firewall plugin admin overrides", "-j", adminChainName}
-}
-
 func cleanupRules(ipt *iptables.IPTables, privChainName string, rules [][]string) {
 for _, rule := range rules {
 ipt.Delete("filter", privChainName, rule...)
@@ -148,23 +144,6 @@ func (ib *iptablesBackend) delRules(conf *FirewallNetConf, ipt *iptables.IPTable
 return nil
 }
 
-func findProtos(conf *FirewallNetConf) []iptables.Protocol {
- protos := []iptables.Protocol{iptables.ProtocolIPv4, iptables.ProtocolIPv6}
- if conf.PrevResult != nil {
- // If PrevResult is given, scan all IP addresses to figure out
- // which IP versions to use
- protos = []iptables.Protocol{}
- for _, addr := range conf.PrevResult.IPs {
- if addr.Address.IP.To4() != nil {
- protos = append(protos, iptables.ProtocolIPv4)
- } else {
- protos = append(protos, iptables.ProtocolIPv6)
- }
- }
- }
- return protos
-}
-
 type iptablesBackend struct {
 protos map[iptables.Protocol]*iptables.IPTables
 privChainName string |