Docker Community Forums

CentOS 7 FirewallD drops when restarting Docker


(Taylor) #1

On CentOS 7 I occasionally have problems running containers and need to restart Docker. When I do, my firewall drops with errors like the following:

Dec 22 05:26:26 douglasii.web.ca.internal.domain.tld firewalld[29013]: 2014-12-22 05:26:26 ERROR: COMMAND_FAILED: '/sbin/ip6tables -I INPUT_ZONES 1 -t filter -i veth6a0989b -j IN_drop' failed: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Dec 22 05:27:02 douglasii.web.ca.internal.domain.tld firewalld[29013]: 2014-12-22 05:27:02 ERROR: UNKNOWN_INTERFACE: veth289bc1f
Dec 22 05:27:07 douglasii.web.ca.internal.domain.tld firewalld[29013]: 2014-12-22 05:27:07 ERROR: UNKNOWN_INTERFACE: veth76d6d47
Dec 22 05:27:39 douglasii.web.ca.internal.domain.tld firewalld[29013]: 2014-12-22 05:27:39 ERROR: '/sbin/iptables -I INPUT_ZONES 1 -t filter -i vethe76a70c -j IN_drop' failed: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

Examples from two Linodes: https://gist.github.com/buley/556440bd9155c62c73c1

It appears that interfaces like vethe76a70c and the associated rules are created by Docker (https://bugzilla.redhat.com/show_bug.cgi?id=1098281). Is anyone else seeing this?

Right now my fix is to restart firewalld after restarting Docker. Does anyone have an easier workaround to keep Docker and firewalld playing nice?
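
Added example, not part of the original post: a Python script that scans firewalld journal output for the two error types quoted above and reports which interfaces had their zone rule insertion fail on the xtables lock, per address family. The sample input is the post's own four log lines with the hostname shortened to `host`; the function names are illustrative.

```python
import re

# Constructed sample: the four firewalld lines from the post, hostname shortened to "host".
SAMPLE = """\
Dec 22 05:26:26 host firewalld[29013]: 2014-12-22 05:26:26 ERROR: COMMAND_FAILED: '/sbin/ip6tables -I INPUT_ZONES 1 -t filter -i veth6a0989b -j IN_drop' failed: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Dec 22 05:27:02 host firewalld[29013]: 2014-12-22 05:27:02 ERROR: UNKNOWN_INTERFACE: veth289bc1f
Dec 22 05:27:07 host firewalld[29013]: 2014-12-22 05:27:07 ERROR: UNKNOWN_INTERFACE: veth76d6d47
Dec 22 05:27:39 host firewalld[29013]: 2014-12-22 05:27:39 ERROR: '/sbin/iptables -I INPUT_ZONES 1 -t filter -i vethe76a70c -j IN_drop' failed: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
"""

PREFIX = r"firewalld\[\d+\]: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ERROR: "
# The "COMMAND_FAILED: " tag is optional: the post shows the error both with and without it.
LOCK_RE = re.compile(
    PREFIX + r"(?:COMMAND_FAILED: )?'(?P<cmd>\S*ip6?tables) (?P<args>[^']*)' failed: .*xtables lock"
)
UNKNOWN_RE = re.compile(PREFIX + r"UNKNOWN_INTERFACE: (?P<iface>\S+)")


def parse_errors(text):
    """Return one dict per firewalld error line of the two kinds shown in the post."""
    events = []
    for line in text.splitlines():
        m = LOCK_RE.search(line)
        if m:
            args = m.group("args")
            iface = re.search(r"(?:^|\s)-i (\S+)", args)    # lowercase -i only, not -I
            target = re.search(r"(?:^|\s)-j (\S+)", args)
            events.append({
                "ts": m.group("ts"), "kind": "lock_failed",
                "family": "ipv6" if m.group("cmd").endswith("ip6tables") else "ipv4",
                "iface": iface.group(1) if iface else None,
                "target": target.group(1) if target else None,
            })
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            events.append({"ts": m.group("ts"), "kind": "unknown_interface",
                           "iface": m.group("iface")})
    return events


def rules_not_applied(events):
    """Map interface -> address families whose zone rule insertion failed on the lock."""
    missing = {}
    for e in events:
        if e["kind"] == "lock_failed" and e["iface"]:
            missing.setdefault(e["iface"], set()).add(e["family"])
    return missing


if __name__ == "__main__":
    for iface, families in sorted(rules_not_applied(parse_errors(SAMPLE)).items()):
        print(f"{iface}: zone rule not inserted for {', '.join(sorted(families))}")
```

On a live host the same functions can be fed the text of `journalctl -u firewalld` in place of `SAMPLE`.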