disable generation of cni firewall plugin

it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables.

also removing this from the default configuration file

Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit is contained in:
Brent Baude
2020-02-21 13:06:58 -06:00
parent 75ea3b67c6
commit a86f3e88d0
2 changed files with 0 additions and 5 deletions

View File

@ -26,10 +26,6 @@
"portMappings": true
}
},
{
"type": "firewall",
"backend": "iptables"
},
{
"type": "tuning"
}

View File

@ -209,7 +209,6 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (
bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
plugins = append(plugins, bridge)
plugins = append(plugins, network.NewPortMapPlugin())
plugins = append(plugins, network.NewFirewallPlugin())
// if we find the dnsname plugin, we add configuration for it
if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {
// Note: in the future we might like to allow for dynamic domain names