see: - https://www.cni.dev/plugins/current/meta/firewall/#backends - https://github.com/containernetworking/plugins/blob/54f69e0a59754460bee4e50ccabc86877dd6cf5f/plugins/meta/firewall/firewall.go#L115 using the plugin without iptables (or firewalld) installed results in a runtime-error: https://forums.gentoo.org/viewtopic-t-1149374.html Additionally some kernel options need to be enabled so that iptables has the required functionallity, e.g. CONFIG_NETFILTER_XT_MATCH_COMMENT, CONFIG_NETFILTER_XT_MATCH_MULTIPORT and possibly others. Reproducible: Always
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cd833040af6249eb898a51579004b994ddbb0c6 commit 1cd833040af6249eb898a51579004b994ddbb0c6 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2022-09-24 19:07:07 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-09-24 19:09:09 +0000 app-containers/cni-plugins: 1.1.1-r1 revbump to add iptables to RDEPEND Closes: https://bugs.gentoo.org/870622 Signed-off-by: William Hubbs <williamh@gentoo.org> .../cni-plugins/cni-plugins-1.1.1-r1.ebuild | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+)