Merge pull request #47303 from akerouanton/25.0-backport-internal-bri…

…dge-firewalld

[25.0 backport] Add internal n/w bridge to firewalld docker zone

libnetwork/drivers/bridge/setup_ip_tables_linux.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	"github.com/containerd/log"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/libnetwork/iptables"
 	"github.com/docker/docker/libnetwork/types"
 	"github.com/vishvananda/netlink"
@@ -408,6 +409,17 @@ func setupInternalNetworkRules(bridgeIface string, addr *net.IPNet, icc, insert
 	var version iptables.IPVersion
 	var inDropRule, outDropRule iptRule
 
+	// Either add or remove the interface from the firewalld zone, if firewalld is running.
+	if insert {
+		if err := iptables.AddInterfaceFirewalld(bridgeIface); err != nil {
+			return err
+		}
+	} else {
+		if err := iptables.DelInterfaceFirewalld(bridgeIface); err != nil && !errdefs.IsNotFound(err) {
+			return err
+		}
+	}
+
 	if addr.IP.To4() != nil {
 		version = iptables.IPv4
 		inDropRule = iptRule{