From faff3e82e03eb00d535ff58e728a258abbbfb2d7 Mon Sep 17 00:00:00 2001
From: Maxime Brunet
Date: Thu, 23 Mar 2023 12:23:39 -0700
Subject: [PATCH] CNI/bridge: Ensure pod communications are allowed
---
 pkg/minikube/cni/bridge.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pkg/minikube/cni/bridge.go b/pkg/minikube/cni/bridge.go
index 48a0acb6fef1..b04194f44d51 100644
--- a/pkg/minikube/cni/bridge.go
+++ b/pkg/minikube/cni/bridge.go
@@ -30,12 +30,13 @@ import (
 // bridge is what minikube defaulted to when `--enable-default-cni=true`
 // ref: https://www.cni.dev/plugins/current/main/bridge/
 // ref: https://www.cni.dev/plugins/current/meta/portmap/
+// ref: https://www.cni.dev/plugins/current/meta/firewall/
 // note: "cannot set hairpin mode and promiscuous mode at the same time"
 // ref: https://github.com/containernetworking/plugins/blob/7e9ada51e751740541969e1ea5a803cbf45adcf3/plugins/main/bridge/bridge.go#L424
 var bridgeConf = template.Must(template.New("bridge").Parse(`
 {
- "cniVersion": "0.3.1",
+ "cniVersion": "0.4.0",
 "name": "bridge",
 "plugins": [
 {
@@ -56,6 +57,11 @@ var bridgeConf = template.Must(template.New("bridge").Parse(`
 "capabilities": {
 "portMappings": true
 }
+ },
+ {
+ "type": "firewall",
+ "backend": "iptables",
+ "ingressPolicy": "same-bridge"
 }
 ]
 }
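Review bot: The comment block above `bridgeConf` gains only a link for the firewall plugin, and nothing explains the `cniVersion` change from 0.3.1 to 0.4.0 in the same hunk. Since the JSON template cannot carry comments, I would add a line next to the new ref such as `// note: the firewall plugin installs iptables forwarding rules for pod IPs; "same-bridge" also isolates this bridge from other CNI bridges`, so a reader knows this entry changes host packet filtering. The comment or commit message should also say whether 0.4.0 is required by the new plugin, because every plugin in the chain and the node's container runtime must accept that version, and the diff does not show this was checked against older node images. The template body continues outside the hunk.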
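Review bot: The new `firewall` entry hard-codes `"backend": "iptables"` and assumes a `firewall` binary is present in the node's CNI bin directory, and nothing in this diff verifies either. A missing binary would presumably break pod sandbox setup for the whole chain. An older binary that does not know `ingressPolicy` may ignore the field silently, leaving the bridge without the isolation this config implies. An integration check on each supported base image and runtime would catch both cases, for example by asserting that the expected forwarding rules exist after a pod starts. On nodes where firewalld or nftables owns the filter table, the iptables backend may conflict with existing rules, which is worth confirming per driver. This policy governs bridge-level forwarding only and is not a substitute for NetworkPolicy enforcement.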