From a86f3e88d0b4b7d57fad75453474523c1f29f07d Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Fri, 21 Feb 2020 13:06:58 -0600 Subject: disable generation of cni firewall plugin it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables. also removing this from the default configuration file Signed-off-by: Brent Baude --- pkg/adapter/network.go | 1 - 1 file changed, 1 deletion(-) (limited to 'pkg/adapter') diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go index b25f54a13..c5bd91534 100644 --- a/pkg/adapter/network.go +++ b/pkg/adapter/network.go @@ -209,7 +209,6 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) ( bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig) plugins = append(plugins, bridge) plugins = append(plugins, network.NewPortMapPlugin()) - plugins = append(plugins, network.NewFirewallPlugin()) // if we find the dnsname plugin, we add configuration for it if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS { // Note: in the future we might like to allow for dynamic domain names -- cgit v1.2.3-54-g00ecf