docker containers can't ping each other using CNI bridge (same host)

I'm trying to use the bridge CNI plugin with a standalone kubelet and I'm unable to ping pods from each other (same node).

I'm able to ping a pod from the host and from the pod itself (using its subnet IP).

Also, packets from the "caller" pod reach the bridge : 10:28:00.951871 IP ip-10-0-1-4.eu-west-3.compute.internal > ip-10-0-1-5.eu-west-3.compute.internal: ICMP echo request, id 15, seq 22, length 64

but not the other pod's interface (tcpdump doesn't see any ping).

the pod I try to reach has the 10.0.1.5 IP address (I'm able to ping it there from host and from itself)

cni config :

{
    "cniVersion": "0.3.1",
    "name": "bridge",
    "type": "bridge",
    "bridge": "cnio0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "ranges": [
          [{"subnet": "10.0.1.0/24"}] 
        ],
        "routes": [{"dst": "0.0.0.0/0"}]
    }
}

brctl shows that the 2 veth pairs are actually connected to the bridge.

I also tried to add the firewall CNI plugin, and load it after the bridge, without more success...

Is there something else I have to configure in order to get it working ?

I was adding the firewall as a separate file.

Setting bridge and firewall together actually works :

cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conflist
{
    "cniVersion": "0.4.0",
    "name": "bridge-firewalld",
    "plugins": [
      {
        "type": "bridge",
        "bridge": "cnio0",
        "isGateway": true,
        "ipMasq": true,
        "ipam": {
            "type": "host-local",
            "subnet": "10.0.1.0/24",
            "routes": [
                { "dst": "0.0.0.0/0" }
            ]
        }
      },
      {
        "type": "firewall",
        "backend": "iptables"
      }
    ]
}
EOF