From 6c97e0d5c140d587e5477d478159e91b8adcfd15 Mon Sep 17 00:00:00 2001
From: Brent Baude
Date: Thu, 27 Feb 2020 14:39:31 -0600
Subject: [PATCH 2/2] network create should use firewall plugin when creating a network, podman should add the firewall plugin to the config but not specify a backend. this will allow cni to determine whether it should use an iptables|firewalld backend.
Signed-off-by: Brent Baude
---
 pkg/adapter/network.go | 1 +
 pkg/network/netconflist.go | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go
index a8217097ac..34ff000249 100644
--- a/pkg/network/netconflist.go
+++ b/pkg/network/netconflist.go
@@ -110,7 +110,6 @@ func NewPortMapPlugin() PortMapConfig {
 func NewFirewallPlugin() FirewallConfig {
 return FirewallConfig{
 PluginType: "firewall",
- Backend: "iptables",
 }
 }
From cfd40608907b653a8b05f2e4f4243f8aa677b6e3 Mon Sep 17 00:00:00 2001
From: Brent Baude
Date: Thu, 27 Feb 2020 14:35:48 -0600
Subject: [PATCH 1/2] add firewall plugin (no backend) to default cni config in order for the fall back mechanisms to work in containernetworking-plugins, the firewall plugin must still be called via the cni configuration file. however, no backend w
Signed-off-by: Brent Baude
---
 cni/87-podman-bridge.conflist | 3 +++
 1 file changed, 3 insertions(+)
diff -up a/cni/87-podman-bridge.conflist b/cni/87-podman-bridge.conflist
--- a/cni/87-podman-bridge.conflist
+++ b/cni/87-podman-bridge.conflist
@@ -31,8 +31,7 @@
 }
 },
 {
- "type": "firewall",
- "backend": "iptables"
+ "type": "firewall"
 }
 ]
 }
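Review bot: In the `cni/87-podman-bridge.conflist` hunk, dropping `"backend": "iptables"` means the default bridge's rules are installed by whichever backend the firewall plugin detects on the host, and nothing on the page tells an operator how to pin or verify that choice. As far as I know the plugin prefers firewalld when it is running and by default places the container address in the `trusted` zone, so hosts that audit only iptables chains should expect the rules to move. JSON cannot carry a comment, so I would finish the cut-off commit description (it stops at "no backend w") with a sentence such as `omit "backend" so the plugin autodetects firewalld or iptables; set it explicitly to pin one`. The diffstat above this hunk reports 3 insertions while the hunk holds one insertion and two deletions, so the patch is worth re-checking against its intended base. Separately, the Go change in patch 2/2 leaves `Backend` at its zero value; if that field's JSON tag lacks `omitempty` (the struct is not visible here), generated configs will carry `"backend": ""` instead of omitting the key as this file does.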