summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cni/87-podman-bridge.conflist3
-rw-r--r--pkg/adapter/network.go1
-rw-r--r--pkg/network/netconflist.go1
3 files changed, 4 insertions, 1 deletions
diff --git a/cni/87-podman-bridge.conflist b/cni/87-podman-bridge.conflist
index cd01b97ce..13b09a5b5 100644
--- a/cni/87-podman-bridge.conflist
+++ b/cni/87-podman-bridge.conflist
@@ -27,6 +27,9 @@
}
},
{
+ "type": "firewall"
+ },
+ {
"type": "tuning"
}
]
diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go
index c5bd91534..b25f54a13 100644
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@@ -209,6 +209,7 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (
bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
plugins = append(plugins, bridge)
plugins = append(plugins, network.NewPortMapPlugin())
+ plugins = append(plugins, network.NewFirewallPlugin())
// if we find the dnsname plugin, we add configuration for it
if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {
// Note: in the future we might like to allow for dynamic domain names
diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go
index a8217097a..34ff00024 100644
--- a/pkg/network/netconflist.go
+++ b/pkg/network/netconflist.go
@@ -110,7 +110,6 @@ func NewPortMapPlugin() PortMapConfig {
func NewFirewallPlugin() FirewallConfig {
return FirewallConfig{
PluginType: "firewall",
- Backend: "iptables",
}
}