Firewalld integration (#11883)

* Firewalld integration

Added a section mentioning the firewalld integration
and added notes on handling issues we've seen in the
community

Relates to https://github.com/docker/for-linux/issues/1163

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

* Update network/iptables.md

Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>

* Minor style edits

Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
Arko Dasgupta 2020-12-14 04:42:59 -08:00 committed by GitHub
parent 681be44493
commit 52fde1a90c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions

@ -93,3 +93,17 @@ any address on the host. If you want to change that behavior to only
expose ports on an internal IP address, you can use the `--ip` option to
specify a different IP address. However, setting `--ip` only changes the
_default_, it does not _restrict_ services to that IP.
## Integration with Firewalld
If you are running Docker version 20.10.0 or higher with [firewalld](https://firewalld.org){: target="blank" rel="noopener" class=“”} on your system with `--iptables` enabled, Docker automatically creates a `firewalld` zone called `docker` and inserts all the network interfaces it creates (for example, `docker0`) into the `docker` zone to allow seamless networking.
Consider running the following `firewalld` command to remove the docker interface from the zone.
```bash
# Please substitute the appropriate zone and docker interface
$ firewall-cmd --zone=trusted --remove-interface=docker0 --permanent
$ firewall-cmd --reload
```
Restarting `dockerd` daemon inserts the interface into the `docker` zone.
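Review bot: The sentence "Consider running the following `firewalld` command to remove the docker interface from the zone" gives no condition or reason, and the example removes `docker0` from `--zone=trusted` even though the preceding paragraph says Docker places its interfaces in the `docker` zone. Please state when the reader needs this step (for example, when the interface is already assigned to another zone), say which zone "the zone" refers to, and present the final line about restarting `dockerd` as the step that follows the removal, so the three statements read as one procedure. Since readers running firewalld are usually restricting traffic, it would also help to say what the `docker` zone permits rather than only "seamless networking". Two smaller points in the link attributes: `class=“”` uses curly quotes, which will not parse as an attribute value, and `target="blank"` is most likely meant to be `target="_blank"`. The `$` prompts inside the `bash` block also make the commands harder to copy, and the comment could name the placeholders it asks the reader to substitute.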