|
|
4c4c1b |
From 6c97e0d5c140d587e5477d478159e91b8adcfd15 Mon Sep 17 00:00:00 2001
|
|
|
4c4c1b |
From: Brent Baude <bbaude@redhat.com>
|
|
|
4c4c1b |
Date: Thu, 27 Feb 2020 14:39:31 -0600
|
|
|
4c4c1b |
Subject: [PATCH 2/2] network create should use firewall plugin
|
|
|
4c4c1b |
|
|
|
4c4c1b |
when creating a network, podman should add the firewall plugin to the config but not specify a backend. this will allow cni to determine whether it should use an iptables|firewalld backend.
|
|
|
4c4c1b |
|
|
|
4c4c1b |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
4c4c1b |
---
|
|
|
4c4c1b |
pkg/adapter/network.go | 1 +
|
|
|
4c4c1b |
pkg/network/netconflist.go | 1 -
|
|
|
4c4c1b |
2 files changed, 1 insertion(+), 1 deletion(-)
|
|
|
4c4c1b |
|
|
|
4c4c1b |
diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go
|
|
|
4c4c1b |
index a8217097ac..34ff000249 100644
|
|
|
4c4c1b |
--- a/pkg/network/netconflist.go
|
|
|
4c4c1b |
+++ b/pkg/network/netconflist.go
|
|
|
4c4c1b |
@@ -110,7 +110,6 @@ func NewPortMapPlugin() PortMapConfig {
|
|
|
4c4c1b |
func NewFirewallPlugin() FirewallConfig {
|
|
|
4c4c1b |
return FirewallConfig{
|
|
|
4c4c1b |
PluginType: "firewall",
|
|
|
4c4c1b |
- Backend: "iptables",
|
|
|
4c4c1b |
}
|
|
|
4c4c1b |
}
|
|
|
4c4c1b |
|
|
|
4c4c1b |
|
|
|
4c4c1b |
From cfd40608907b653a8b05f2e4f4243f8aa677b6e3 Mon Sep 17 00:00:00 2001
|
|
|
4c4c1b |
From: Brent Baude <bbaude@redhat.com>
|
|
|
4c4c1b |
Date: Thu, 27 Feb 2020 14:35:48 -0600
|
|
|
4c4c1b |
Subject: [PATCH 1/2] add firewall plugin (no backend) to default cni config
|
|
|
4c4c1b |
|
|
|
4c4c1b |
in order for the fall back mechanisms to work in containernetworking-plugins, the firewall plugin must still be called via the cni configuration file. however, no backend w
|
|
|
4c4c1b |
|
|
|
4c4c1b |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
4c4c1b |
---
|
|
|
4c4c1b |
cni/87-podman-bridge.conflist | 3 +++
|
|
|
4c4c1b |
1 file changed, 3 insertions(+)
|
|
|
4c4c1b |
|
|
|
4c4c1b |
diff -up a/cni/87-podman-bridge.conflist b/cni/87-podman-bridge.conflist
|
|
|
4c4c1b |
--- a/cni/87-podman-bridge.conflist
|
|
|
4c4c1b |
+++ b/cni/87-podman-bridge.conflist
|
|
|
4c4c1b |
@@ -31,8 +31,7 @@
|
|
|
4c4c1b |
}
|
|
|
4c4c1b |
},
|
|
|
4c4c1b |
{
|
|
|
4c4c1b |
- "type": "firewall",
|
|
|
4c4c1b |
- "backend": "iptables"
|
|
|
4c4c1b |
+ "type": "firewall"
|
|
|
4c4c1b |
}
|
|
|
4c4c1b |
]
|
|
|
4c4c1b |
}
|