What's wrong with Firewalld?

So I had some issues with setting up Rancher on Fedora 36. Although I suspect this is an older issue. The problem is that the documentation says Firewalld just doesn’t work with Kubernetes 1.19+ but it doesn’t go into details. Why doesn’t it work? The only way I could make Rancher work was to do two things: disable firewalld.service and enable nftable.service. Apparently if you disable firewalld all the iptables rules are…removed or smth.

Any firewall functionality on Linux is just a frontend to the kernel netfilter module, which does firewalling but also NAT & some network routing if you want. Container networking uses netfilter for creating and using the networks the containers live on. Apparently firewalld as a service tweaking netfilter is too intrusive and/or tweaks things, messing with container networking. I’m more surprised that people are able to get it working with ufw (or nftable for you) than firewalld failing.
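As an added illustration (not from either poster), here is a small Python check for the "rules get removed" symptom: it compares two `iptables-save` snapshots, one taken before and one after a firewalld restart, and reports which container/Kubernetes chains disappeared. The chain prefixes are assumptions about common kube-proxy/CNI naming, and the two dumps are constructed samples.

```python
import re

# Assumed prefixes used by kube-proxy and common CNI plugins for their chains.
CONTAINER_CHAIN_PREFIXES = ("KUBE-", "CNI-", "DOCKER", "cali-", "FLANNEL")


def parse_iptables_save(dump: str) -> dict[str, set[str]]:
    """Return {table: {chain, ...}} from iptables-save style output."""
    tables: dict[str, set[str]] = {}
    current = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):              # "*nat" starts a table
            current = line[1:]
            tables.setdefault(current, set())
        elif line.startswith(":") and current is not None:
            # ":KUBE-SERVICES - [0:0]" declares a chain in the current table
            tables[current].add(line[1:].split()[0])
    return tables


def container_chains(tables: dict[str, set[str]]) -> set[tuple[str, str]]:
    """Pick out (table, chain) pairs that look like container networking chains."""
    return {(t, c) for t, chains in tables.items()
            for c in chains if c.startswith(CONTAINER_CHAIN_PREFIXES)}


def missing_after_reload(before: str, after: str) -> set[tuple[str, str]]:
    """Container chains present in the first snapshot but gone in the second."""
    return container_chains(parse_iptables_save(before)) - \
        container_chains(parse_iptables_save(after))


# Constructed sample: snapshot with kube-proxy/CNI chains before a firewalld restart.
BEFORE = """*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
:CNI-HOSTPORT-DNAT - [0:0]
-A PREROUTING -j KUBE-SERVICES
COMMIT
*filter
:FORWARD DROP [0:0]
:KUBE-FORWARD - [0:0]
COMMIT
"""

# Constructed sample: only the built-in chains survive after the restart.
AFTER = """*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
"""

if __name__ == "__main__":
    for table, chain in sorted(missing_after_reload(BEFORE, AFTER)):
        print(f"missing after reload: {table}/{chain}")
```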