From b0e122467cbcb243d65ec197145079480ee7a53e Mon Sep 17 00:00:00 2001 From: Mario Loriedo Date: Wed, 19 Nov 2025 14:38:48 +0100 Subject: [PATCH] Remove references to iptables This is a follow-up of https://github.com/containers/netavark/pull/1353 https://github.com/containers/podman/pull/27555 And related to https://issues.redhat.com/browse/RUN-3723 Signed-off-by: Mario Loriedo --- docs/containers.conf.5.md | 8 ++++---- libnetwork/netavark/run_test.go | 4 ++-- pkg/config/containers.conf | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md index 3c111f878..4ed84acd5 100644 --- a/docs/containers.conf.5.md +++ b/docs/containers.conf.5.md @@ -298,9 +298,9 @@ Logging driver for the container. Currently available options are k8s-file, jour **log_path**="" -Default path for container logs to be stored in. When empty, logs will be stored +Default path for container logs to be stored in. When empty, logs will be stored in the container's default storage and removed when the container is removed. -A subdirectory named with the container ID will be created under the specified +A subdirectory named with the container ID will be created under the specified path, and the log file will have the default name `ctr.log` within that directory. This option can be overridden by the `--log-opt` flag. @@ -426,7 +426,7 @@ The default value is empty which means that it will automatically choose CNI or already containers/images or CNI networks preset it will choose CNI. Before changing this value all containers must be stopped otherwise it is likely that -iptables rules and network interfaces might leak on the host. A reboot will fix this. +firewall rules and network interfaces might leak on the host. A reboot will fix this. **cni_plugin_dirs**=[] 
@@ -507,7 +507,7 @@ and "$graphroot/networks" as rootless. The firewall driver to be used by netavark. The default is empty which means netavark will pick one accordingly. Current supported -drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is +drivers are "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is experimental at the moment and not recommend outside of testing). **dns_bind_port**=53 diff --git a/libnetwork/netavark/run_test.go b/libnetwork/netavark/run_test.go index 673b6257a..fe313cf00 100644 --- a/libnetwork/netavark/run_test.go +++ b/libnetwork/netavark/run_test.go @@ -99,9 +99,9 @@ var _ = Describe("run netavark", func() { _ = netns.UnmountNS(netNSContainer.Path()) _ = netNSContainer.Close() }) - // Force iptables driver, firewalld is broken inside the extra + // Force nftables driver, firewalld is broken inside the extra // namespace because it still connects to firewalld on the host. - t.Setenv("NETAVARK_FW", "iptables") + t.Setenv("NETAVARK_FW", "nftables") }) JustBeforeEach(func() { diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf index a432143d0..4d19a275c 100644 --- a/pkg/config/containers.conf +++ b/pkg/config/containers.conf @@ -216,12 +216,12 @@ default_sysctls = [ # #log_driver = "k8s-file" -# Default path for container logs to be stored in. When empty, logs will be stored +# Default path for container logs to be stored in. When empty, logs will be stored # in the container's default storage and removed when the container is removed. -# A subdirectory named with the container ID will be created under the specified +# A subdirectory named with the container ID will be created under the specified # path, and the log file will have the default name `ctr.log` within that directory. # This option can be overridden by the `--log-opt` flag. -# +# #log_path = "" # Maximum size allowed for the container log file. Negative numbers indicate 
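Review bot: In libnetwork/netavark/run_test.go, `t.Setenv("NETAVARK_FW", "nftables")` makes every spec in this Describe depend on nftables being usable inside the test network namespace, and nothing visible in the hunk skips or fails early with a clear message when it is not. I would state the requirement in the comment, for example `// Force nftables driver (needs nf_tables support on the test host); firewalld is broken inside the extra`, so a failure to program rules is not mistaken for a netavark regression. Whether the suite already checks for nftables elsewhere cannot be seen here, because the enclosing BeforeEach starts outside the hunk.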
@@ -382,7 +382,7 @@ default_sysctls = [ # The firewall driver to be used by netavark. # The default is empty which means netavark will pick one accordingly. Current supported -# drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is +# drivers are "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is # experimental at the moment and not recommend outside of testing). # #firewall_driver = ""
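Review bot: The comment above `#firewall_driver = ""` drops "iptables" from the supported drivers without saying what happens to an existing configuration that still sets `firewall_driver = "iptables"`. The patch does not show whether netavark rejects that value or picks another driver, and an operator upgrading needs to know which, because a silent fallback would change how container firewall rules are applied on the host. A line such as `# "iptables" is no longer supported; switch to "nftables" or leave the value empty.` would cover it, adjusted to the actual behaviour. The same applies to the hunk at -507 in docs/containers.conf.5.md. Since the sentence is being edited anyway, "not recommend" should read "not recommended".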