It seems that when running firewalld on the host machine and then using the Docker systemd service, the two do not play well together, in the sense that the Docker service does not have a firewalld integration and thus uses iptables directly, which firewalld then has no knowledge of. So when firewalld is restarted, all the Docker rules are cleared from iptables. So what is the general recommendation for the host machine? Drop firewalld and just stick to iptables (soon nftables)? Or is there some way of having the two work in harmony together instead of against each other?
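
A check for the symptom described in the question, as an added example that is not part of the original post: it reads `iptables-save` output and lists the Docker-managed chains that are missing from it. The chain list (`DOCKER`, `DOCKER-USER`) assumes default bridge networking on a recent Docker release, the function name is hypothetical, and both dumps are constructed samples.

```shell
#!/bin/sh
# Added example: detect Docker's iptables chains having been flushed,
# e.g. by a firewalld restart. Not from the original post.

# Assumption: chains Docker creates with default bridge networking.
EXPECTED="filter:DOCKER filter:DOCKER-USER nat:DOCKER"

# Reads iptables-save output on stdin and prints one "table:chain" line
# per expected chain that is absent. Prints nothing if all are present.
missing_docker_chains() {
    # "*table" lines open a table; ":CHAIN policy [counters]" declare chains.
    present=$(awk '
        /^\*/ { table = substr($1, 2); next }
        /^:/  { print table ":" substr($1, 2) }')
    for want in $EXPECTED; do
        # -x: whole-line match, so DOCKER does not match DOCKER-USER.
        printf '%s\n' "$present" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: Docker running, its chains in place.
SAMPLE_WITH_DOCKER='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
COMMIT'

# Constructed sample: same host after the rules were cleared.
SAMPLE_AFTER_RESTART='*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT'

echo "missing before restart:"
printf '%s\n' "$SAMPLE_WITH_DOCKER" | missing_docker_chains
echo "missing after restart:"
printf '%s\n' "$SAMPLE_AFTER_RESTART" | missing_docker_chains
```

On a live host the same function can be fed real state with `iptables-save | missing_docker_chains` run as root.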