containers
diff --git a/‎Cargo.lock‎
Lines changed: 0 additions & 17 deletions b/‎Cargo.lock‎
Lines changed: 0 additions & 17 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 0 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎build.rs‎
Lines changed: 3 additions & 4 deletions b/‎build.rs‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎docs/netavark-firewalld.7.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/netavark-firewalld.7.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎rpm/netavark.spec‎
Lines changed: 1 addition & 14 deletions b/‎rpm/netavark.spec‎
Lines changed: 1 addition & 14 deletions
diff --git a/‎src/firewall/fwnone.rs‎
Lines changed: 1 addition & 1 deletion b/‎src/firewall/fwnone.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/firewall/iptables.rs‎
Lines changed: 0 additions & 218 deletions b/‎src/firewall/iptables.rs‎
Lines changed: 0 additions & 218 deletions
@@ -37,7 +37,6 @@ anyhow = "1.0.93"
 clap = { version = "~4.5.51", features = ["derive", "env"] }
 env_logger = "0.11.8"
 ipnet = { version = "2.11.0", features = ["serde"] }
-iptables = "0.6.0"
 libc = "0.2.157"
 log = "0.4.28"
 serde = { version = "1.0.228", features = ["derive"] }
 
@@ -10,7 +10,7 @@ Netavark is a tool for configuring networking for Linux containers. Its features
 * Configuration of container networks via JSON configuration file
 * Creation and management of required network interfaces, including MACVLAN networks
 * All required firewall configuration to perform NAT and port forwarding as required for containers
-* Support for iptables, firewalld and nftables
+* Support for firewalld and nftables
 * Support for rootless containers
 * Support for IPv4 and IPv6
 * Support for container DNS resolution via the [aardvark-dns](https://github.com/containers/aardvark-dns) project
 
@@ -64,17 +64,16 @@ fn main() {
     println!("cargo:rustc-env=GIT_COMMIT={commit}");
 
     // Handle default firewall driver.
-    // Allowed values "nftables" and "iptables".
+    // Allowed values "nftables" and "none".
     let fwdriver = match env::var("NETAVARK_DEFAULT_FW")
-        .unwrap_or("iptables".to_string())
+        .unwrap_or("nftables".to_string())
         .as_str()
     {
         "nftables" => "nftables",
-        "iptables" => "iptables",
         "none" => "none",
         inv => panic!("Invalid default firewall driver {inv}"),
     };
-    println!("cargo:rustc-check-cfg=cfg(default_fw, values(\"nftables\", \"iptables\", \"none\"))");
+    println!("cargo:rustc-check-cfg=cfg(default_fw, values(\"nftables\", \"none\"))");
     println!("cargo:rustc-cfg=default_fw=\"{fwdriver}\"");
     println!("cargo:rustc-env=DEFAULT_FW={fwdriver}");
 }
@@ -9,7 +9,7 @@ netavark-firewalld - description of the interaction of Netavark and firewalld
 ## Description
 
 Netavark can be used on systems with firewalld enabled without issue.
-When using the default `nftables` or `iptables` firewall drivers, on systems where firewalld is running, firewalld will automatically be configured to allow connectivity to Podman containers.
+When using the default `nftables` firewall driver, on systems where firewalld is running, firewalld will automatically be configured to allow connectivity to Podman containers.
 All subnets of Podman-managed networks will be automatically added to the `trusted` zone to allow this access.
 
 ### Firewalld Driver
 
@@ -14,15 +14,6 @@
 # Minimum X.Y dep for aardvark-dns
 %define major_minor %((v=%{version}; echo ${v%.*}))
 
-# Set default firewall to nftables on CentOS Stream 10+, RHEL 10+, Fedora 41+
-# and default to iptables on all other environments
-# The `rhel` macro is defined on CentOS Stream, RHEL as well as Fedora ELN.
-%if (%{defined rhel} && 0%{?rhel} >= 10) || (%{defined fedora} && 0%{?fedora} >= 41)
-%define default_fw nftables
-%else
-%define default_fw iptables
-%endif
-
 Name: netavark
 # Set a different Epoch for copr builds
 %if %{defined copr_username}
@@ -49,11 +40,7 @@ BuildRequires: %{_bindir}/go-md2man
 # aardvark-dns and %%{name} are usually released in sync
 Requires: aardvark-dns >=  %{epoch}:%{major_minor}
 Provides: container-network-stack = 2
-%if "%{default_fw}" == "nftables"
 Requires: nftables
-%else
-Requires: iptables
-%endif
 BuildRequires: make
 BuildRequires: protobuf-c
 BuildRequires: protobuf-compiler
@@ -82,7 +69,7 @@ Its features include:
     including MACVLAN networks
 * All required firewall configuration to perform NAT and port
     forwarding as required for containers
-* Support for iptables, firewalld and nftables
+* Support for firewalld and nftables
 * Support for rootless containers
 * Support for IPv4 and IPv6
 * Support for container DNS resolution via aardvark-dns.
 
@@ -4,7 +4,7 @@ use crate::network::internal_types::{
     PortForwardConfig, SetupNetwork, TearDownNetwork, TeardownPortForward,
 };
 
-// Iptables driver - uses direct iptables commands via the iptables crate.
+// Fwnone driver - No-op firewall implementation.
 pub struct Fwnone {}
 
 pub fn new() -> NetavarkResult<Box<dyn firewall::FirewallDriver>> {