disable generation of cni firewall plugin

it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables. also removing this from the default configuration file Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-07-02 08:47:43 +08:00 · 2020-02-21 13:06:58 -06:00
parent 75ea3b67c6
commit a86f3e88d0
2 changed files with 0 additions and 5 deletions
--- a/cni/87-podman-bridge.conflist
+++ b/cni/87-podman-bridge.conflist
@ -26,10 +26,6 @@
        "portMappings": true
      }
    },
-    {
-      "type": "firewall",
-      "backend": "iptables"
-    },
    {
      "type": "tuning"
    }
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@ -209,7 +209,6 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (
 	bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
 	plugins = append(plugins, bridge)
 	plugins = append(plugins, network.NewPortMapPlugin())
-	plugins = append(plugins, network.NewFirewallPlugin())
 	// if we find the dnsname plugin, we add configuration for it
 	if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {
 		// Note: in the future we might like to allow for dynamic domain names