Open p3lim opened 1 year ago
We have been talking about it lately, we should definitely enable it if it works correctly.
Some outstanding work to do so:
- isolate option which changes the behaviour if networks can talk to each other (see https://github.com/containers/netavark/pull/703 for example)
- podman run -p 80:80 -dt nginx: the port is not reachable via any local address. It is however reachable via other hosts on the same network. This is a major problem and must be fixed.
These are the things I can think of right now. And then we should run test/200-bridge-firewalld.bats and see if any test cases are failing there.
cc @mheon
That all sounds correct.
Of these:
https://github.com/containers/netavark/blob/9c40d1f6372a21248ebbd4edff31148ee8de54aa/src/firewall/mod.rs#L67
This section has not been updated since firewalld 1.1.x came out 16 months ago, requiring users to set NETAVARK_FW=firewalld globally (e.g. in /etc/environment) to properly use firewalld if present.
Been testing it today along with @erig0 (firewalld lead), who requested me to open an issue with you to finalize this support.
Tested with: