			
		
		
		
	 9405e3704f
			
		
	
			The upstream CNI project has a PR open for adding iptables and firewalld support, but this has been stalled for the better part of a year upstream. On advice of several maintainers, we are vendoring this code into libpod, to perform the relevant firewall configuration ourselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1431 Approved by: baude
		
			
				
	
	
		
		
	
	
	
	
	
| // +build linux
 | |
| 
 | |
| // Copyright 2016 CNI authors
 | |
| //
 | |
| // Licensed under the Apache License, Version 2.0 (the "License");
 | |
| // you may not use this file except in compliance with the License.
 | |
| // You may obtain a copy of the License at
 | |
| //
 | |
| //     http://www.apache.org/licenses/LICENSE-2.0
 | |
| //
 | |
| // Unless required by applicable law or agreed to in writing, software
 | |
| // distributed under the License is distributed on an "AS IS" BASIS,
 | |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| // See the License for the specific language governing permissions and
 | |
| // limitations under the License.
 | |
| 
 | |
| package firewall
 | |
| 
 | |
| import (
 | |
| 	"fmt"
 | |
| )
 | |
| 
 | |
// GetBackend returns the firewall backend used to add and remove firewall
// rules on the system.
//
// Accepted names are "firewalld", "iptables" and "none". The empty string
// requests auto-detection: isFirewalldRunning is consulted once, at call time,
// and a firewalld backend is returned when it reports true, an iptables
// backend otherwise. Any other name is rejected with an error; there is no
// silent fallback, so a misspelled setting fails instead of quietly selecting
// a different backend.
//
// NOTE(review): "none" is handed to newNoneBackend, which is defined outside
// this listing; presumably it programs no rules at all, so callers that pass
// it should be providing filtering some other way. Confirm against the none
// backend's implementation.
func GetBackend(backend string) (FirewallBackend, error) {
	selected := backend
	if selected == "" {
		// No explicit choice: prefer firewalld when it is running, so rules go
		// through the active firewall manager; fall back to iptables.
		selected = "iptables"
		if isFirewalldRunning() {
			selected = "firewalld"
		}
	}

	if selected == "firewalld" {
		return newFirewalldBackend()
	}
	if selected == "iptables" {
		return newIptablesBackend()
	}
	if selected == "none" {
		return newNoneBackend()
	}

	// Only reachable with a non-empty, unknown name, so reporting the
	// caller's original argument is exact.
	return nil, fmt.Errorf("unrecognized firewall backend %q", backend)
}
 |