Vendor CNI plugins firewall code

The upstream CNI project has a PR open for adding iptables and
firewalld support, but this has been stalled for the better part
of a year upstream.

On advice of several maintainers, we are vendoring this code into
libpod, to perform the relevant firewall configuration ourselves.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #1431
Approved by: baude

1 files changed, 10 insertions, 0 deletions

diff --git a/vendor/github.com/coreos/go-iptables/README.md b/vendor/github.com/coreos/go-iptables/README.md
new file mode 100644
index 000000000..974a983e0
--- /dev/null
+++ b/vendor/github.com/coreos/go-iptables/README.md
@@ -0,0 +1,10 @@
+# go-iptables
+
+[![GoDoc](https://godoc.org/github.com/coreos/go-iptables/iptables?status.svg)](https://godoc.org/github.com/coreos/go-iptables/iptables)
+[![Build Status](https://travis-ci.org/coreos/go-iptables.png?branch=master)](https://travis-ci.org/coreos/go-iptables)
+
+Go bindings for iptables utility.
+
+In-kernel netfilter does not have a good userspace API. The tables are manipulated via setsockopt that sets/replaces the entire table. Changes to existing table need to be resolved by userspace code which is difficult and error-prone. Netfilter developers heavily advocate using iptables utlity for programmatic manipulation.
+
+go-iptables wraps invocation of iptables utility with functions to append and delete rules; create, clear and delete chains.