ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity

Merge pull request #505 from xtreme-sameer-vohra/patch-1

Browse Source 
Update firewall README.md
This commit is contained in:
Dan Williams 2020-08-05 10:26:27 -05:00 committed by GitHub
commit 3aadb402e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/meta/firewall/README.md
View File

@ -133,3 +133,17 @@ of the container as shown:
- `-s 10.88.0.2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`
- `-d 10.88.0.2 -j ACCEPT`
The `CNI-FORWARD` chain first sends all traffic to `CNI-ADMIN` chain, which is intended as an user-controlled chain for custom rules that run prior to rules managed by the `firewall` plugin. The `firewall` plugin does not add, delete or modify rules in the `CNI-ADMIN` chain.
`CNI-FORWARD` chain:
- `-j CNI-ADMIN`
The chain name `CNI-ADMIN` can be overridden by specifying `iptablesAdminChainName` in the plugin configuration
```
{
"type": "firewall",
"backend": "iptables",
"iptablesAdminChainName": "SOME-OTHER-CHAIN-NAME",
}
```