diff --git a/files/containers/podman-firewalld-reload.service b/files/containers/podman-firewalld-reload.service
new file mode 100644
index 00000000..9c8c444c
--- /dev/null
+++ b/files/containers/podman-firewalld-reload.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Redo podman NAT rules after firewalld starts or reloads
+Documentation=https://github.com/containers/podman/issues/5431
+Wants=dbus.service
+After=dbus.service
+
+[Service]
+Type=simple
+Environment=LC_CTYPE=C.utf8
+ExecStart=/bin/bash -c "dbus-monitor --profile --system 'type=signal,sender=org.freedesktop.DBus,path=/org/freedesktop/DBus,interface=org.freedesktop.DBus,member=NameAcquired,arg0=org.fedoraproject.FirewallD1' 'type=signal,path=/org/fedoraproject/FirewallD1,interface=org.fedoraproject.FirewallD1,member=Reloaded' | sed -u '/^#/d' | while read -r type timestamp serial sender destination path interface member _junk; do if [[ $type = '#'* ]]; then continue; elif [[ $interface = org.freedesktop.DBus && $member = NameAcquired ]]; then echo 'firewalld started'; podman network reload --all; elif [[ $interface = org.fedoraproject.FirewallD1 && $member = Reloaded ]]; then echo 'firewalld reloaded'; podman network reload --all; fi; done"
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/manifests/base/containers.pp b/manifests/base/containers.pp
index ea4cf506..d2454b87 100644
--- a/manifests/base/containers.pp
+++ b/manifests/base/containers.pp
@@ -56,11 +56,19 @@
       content => "[Service]\nDelegate=yes\n",
       notify => Nest::Lib::Systemd_reload['containers'],
     ;
+
+    '/etc/systemd/system/podman-firewalld-reload.service':
+      source => 'puppet:///modules/nest/containers/podman-firewalld-reload.service',
+      notify => Nest::Lib::Systemd_reload['containers'],
+    ;
   }
   ->
   nest::lib::systemd_reload { 'containers': }
   ->
-  service { 'podman.socket':
+  service { [
+    'podman.socket',
+    'podman-firewalld-reload',
+  ]:
     enable => true,
   }
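Review bot: The second dbus-monitor match rule on the ExecStart line, `'type=signal,path=/org/fedoraproject/FirewallD1,interface=org.fedoraproject.FirewallD1,member=Reloaded'`, has no `sender=` constraint, so any connection on the system bus that emits a signal with that path, interface and member makes this root-running service execute `podman network reload --all`; the stock system-bus policy allows unprivileged clients to send signals, so unless the local bus policy tightens that, this is an unprivileged trigger for a root action and for iptables churn. Constrain it the way the first rule already does with `sender=org.freedesktop.DBus`: `'type=signal,sender=org.fedoraproject.FirewallD1,path=/org/fedoraproject/FirewallD1,interface=org.fedoraproject.FirewallD1,member=Reloaded'`, since only firewalld is permitted to own that well-known name under its bus policy. The `sed -u '/^#/d'` stage and the `if [[ $type = '#'* ]]; then continue` branch both strip comment lines; keeping one of them would make the loop easier to read. Consider a one-line comment above ExecStart stating that the unit must run as root because `podman network reload` rewrites NAT rules, so a reader does not try to add `User=` to it.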
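Review bot: The service resource that now lists `'podman-firewalld-reload'` sets only `enable => true`, so the monitor unit is enabled for the next boot but not started on this Puppet run, and firewalld reloads before the next reboot will still drop podman's NAT rules. Add `ensure => running,` alongside `enable => true,`; that also starts `podman.socket`, which is presumably intended for a socket unit, and if it is not, split `'podman-firewalld-reload'` into its own `service` resource with both attributes. The new file resource correctly notifies `Nest::Lib::Systemd_reload['containers']` so the unit is loaded before it is enabled. The enclosing `file { ... }` declaration and the class around it begin outside the hunk.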