diff --git a/cni/87-podman-bridge.conflist b/cni/87-podman-bridge.conflist
index 39e79b13c3..cd01b97ced 100644
--- a/cni/87-podman-bridge.conflist
+++ b/cni/87-podman-bridge.conflist
@@ -26,10 +26,6 @@
         "portMappings": true
       }
     },
-    {
-      "type": "firewall",
-      "backend": "iptables"
-    },
     {
       "type": "tuning"
     }
diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go
index b25f54a139..c5bd915348 100644
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@@ -209,7 +209,6 @@ func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (
 	bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
 	plugins = append(plugins, bridge)
 	plugins = append(plugins, network.NewPortMapPlugin())
-	plugins = append(plugins, network.NewFirewallPlugin())
 	// if we find the dnsname plugin, we add configuration for it
 	if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {
 		// Note: in the future we might like to allow for dynamic domain names