greenpau / cni-plugins

CNI Plugins compatible with nftables
Apache License 2.0

PR: Firewall CLI has changed in Ubuntu 20.10 Groovy again, this time to ufw #5

Closed PavelSosin-320 closed 3 years ago

PavelSosin-320 commented 3 years ago

I am running into an issue: attaching the container to the default "podman" network fails because attempts to use iptables cause a warning saying that nftables shall be used instead of legacy iptables. The iptables CLI invocation's return code is 4. From the Ubuntu Groovy release notes, I learned that Groovy has a "newest best" firewall front-end CLI, Uncomplicated Firewall (UFW), installed as part of the standard upgrade from Ubuntu 20.04 Focal to 20.10 Groovy Gorilla (ufw version: ufw 0.36 Copyright 2008-2015 Canonical Ltd.), with a different input language.

The Podman CNI network configuration for the default "podman" network configures the firewall plugin as follows (podman network inspect podman):

    },
    {
        "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
        "backend": "iptables",
        "type": "firewall"
    }

Please support Ubuntu 20.10 Groovy in CNI and allow configuration of the CNI firewall plugin as ufw. Is it possible to deliver the CNI plugins as a separate Debian or apt package to fast ring users?

PavelSosin-320 commented 3 years ago

@greenpau Please change the qualification of this issue to BUG. Changing the "backend" property of the firewall plugin configuration to one of the existing and working firewall front-ends doesn't change the bridge network driver behavior. An attempt to create a standalone container or a member of a pod still fails with the error:

    Error while adding pod to CNI network "legacy": failed to list chains: running [/usr/sbin/iptables

although the network configuration is changed (podman network inspect legacy):

    [
        {
            "cniVersion": "0.4.0",
            "name": "legacy",
            ....
            {
                "backend": "iptables-legacy",
                "type": "firewall"
            }

The same happens with ufw. Both firewalls are present and work in my distro, Ubuntu 20.10 Groovy Gorilla.
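
An added example, not part of the thread or the project's code: a small Python check that reads the JSON printed by `podman network inspect` (an array, as quoted above) or a single conflist and reports the `backend` set on each `firewall` plugin entry. The sample input is constructed from the fragments quoted in the comments, and the set of recognised backend names (`iptables`, `firewalld`) is an assumption about the upstream containernetworking firewall plugin that is not stated on this page.

```python
import json

# Assumption: the backend names the upstream containernetworking "firewall"
# plugin selects explicitly. This set is not stated in the thread.
KNOWN_BACKENDS = {"iptables", "firewalld"}

# Constructed sample shaped like the `podman network inspect legacy` output
# quoted above (a JSON array of conflists); the bridge entry is made up.
SAMPLE_INSPECT_OUTPUT = """
[
  {
    "cniVersion": "0.4.0",
    "name": "legacy",
    "plugins": [
      {"type": "bridge", "bridge": "cni-example0"},
      {"type": "firewall", "backend": "iptables-legacy"}
    ]
  }
]
"""


def audit_firewall_backends(text):
    """Return one finding per "firewall" plugin entry found in the JSON text."""
    data = json.loads(text)
    # `podman network inspect` prints an array; a .conflist file is one object.
    networks = data if isinstance(data, list) else [data]
    findings = []
    for net in networks:
        # A single-plugin .conf has no "plugins" array; treat it as one entry.
        for index, plugin in enumerate(net.get("plugins", [net])):
            if plugin.get("type") != "firewall":
                continue
            backend = plugin.get("backend")
            if backend is None:
                status = "unset"
            elif backend in KNOWN_BACKENDS:
                status = "recognised"
            else:
                status = "unrecognised"
            findings.append({"network": net.get("name"), "index": index,
                             "backend": backend, "status": status})
    return findings


if __name__ == "__main__":
    for finding in audit_firewall_backends(SAMPLE_INSPECT_OUTPUT):
        print("{network}: plugin #{index} backend={backend!r} -> {status}".format(**finding))
```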