As originally written, our Firewalld code places all networks in a single zone. It is not possible to easily restrict the flow of traffic within a zone; they're meant to be the basis for how traffic flows are defined. To properly support the Isolation functionality added to Netavark we need to have each Podman network in a separate zone. We can then define rules as to how the networks will talk to each other.