add an option to disable iptables #762

rtgiskard · 2022-07-27T07:38:19Z

I'm using nftables with customized rules, and do not want any part of the system to alter the rules itself, so that all the firewall rules can be managed in one place and easy to check.

currently cni plugin will always load iptable related module and set iptable rules, for my case, as nftables is in use, it would be a mess.

Add nftable backend might be a solution, but It would be good enough to have an option to disable iptables or any other firewall manipulation just like docker

rtgiskard · 2022-07-27T07:44:09Z

mark: podman netavark

mccv1r0 · 2022-07-27T15:57:36Z

You have the option to not use portmap and firewall plugins. And set ipMasq=false if the bridge plugin is the main plugin used. Is there something else missing?

rtgiskard · 2022-07-27T21:10:45Z

You have the option to not use portmap and firewall plugins. And set ipMasq=false if the bridge plugin is the main plugin used. Is there something else missing?

Great thanks! update cni network config, set ipMasq=false and remove the portmap and firewall part to disable the two plugins, then it works!

rtgiskard mentioned this issue Jul 27, 2022

WIP: firewall: add nftables backend #462

Closed

rtgiskard closed this as completed Jul 27, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add an option to disable iptables #762

add an option to disable iptables #762

rtgiskard commented Jul 27, 2022

rtgiskard commented Jul 27, 2022 •

edited

Loading

mccv1r0 commented Jul 27, 2022

rtgiskard commented Jul 27, 2022

add an option to disable iptables #762

add an option to disable iptables #762

Comments

rtgiskard commented Jul 27, 2022

rtgiskard commented Jul 27, 2022 • edited Loading

mccv1r0 commented Jul 27, 2022

rtgiskard commented Jul 27, 2022

rtgiskard commented Jul 27, 2022 •

edited

Loading