hey, I don't think you need to manipulate the nftables directly nor through firewall-cmd, if you use a container daemon, like the default mode in docker, it does that for you automatically. publishPort makes the container port available on the host directly even if the container is in an internal network. Someone can correct me if I missed something.
If I may guess why you're facing problems, I'd say because podman is daemonless, not sure how it is wired to publish ports without root.
linuxgeek28
npub1jg…9qrge
2026-05-06 07:11:24 UTC
in reply to nevent1q…9apx
Author Public Key
npub1jghpw3t2059m5hpywux3hsw6vzv3xgl8f5t5y9vtm48d3r4g8a7sr9qrgeSeen on
wss://relay.momostr.pinkPublished at
2026-05-06 07:11:24 UTCEvent JSON
{
"id": "7fdb8c7664e3b98acab5ecc4779714ac21b5fabffde6ac52465a535613572a7a",
"pubkey": "922e17456a7d0bba5c24770d1bc1da60991323e74d1742158bdd4ed88ea83f7d",
"created_at": 1778051484,
"kind": 1,
"tags": [
[
"p",
"c1812ca9433e5d31c5e35e9546d0f819d016ca6eabe98053daa6d40831179ec2"
],
[
"e",
"4cfb1b5202efd37427797afe57b6590102d8d51e042abbdfc091ea7152fea1db",
"",
"reply",
"c1812ca9433e5d31c5e35e9546d0f819d016ca6eabe98053daa6d40831179ec2"
],
[
"proxy",
"https://mastodon.social/@linuxgeek28/116526382106656582",
"web"
],
[
"e",
"f5ff1fc3a815409e9397c30383f20d5e22275a7406737435db06b8dca75bf9c5",
"",
"root",
"c1812ca9433e5d31c5e35e9546d0f819d016ca6eabe98053daa6d40831179ec2"
],
[
"proxy",
"https://mastodon.social/users/linuxgeek28/statuses/116526382106656582",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/linuxgeek28/statuses/116526382106656582",
"pink.momostr"
],
[
"-"
]
],
"content": "hey, I don't think you need to manipulate the nftables directly nor through firewall-cmd, if you use a container daemon, like the default mode in docker, it does that for you automatically. publishPort makes the container port available on the host directly even if the container is in an internal network. Someone can correct me if I missed something.\nIf I may guess why you're facing problems, I'd say because podman is daemonless, not sure how it is wired to publish ports without root.",
"sig": "bf90beae8e9d0f337fb13aaa029c691cc6357ba14b4f9fa52301dd73478d6c5c570c419645d66cf899d78c88f8fcc6df6748950592341dcd232e4bce62d0c327"
}