diff --git a/backport-network-networkd-address-don-t-set-up-firewall-rules.patch b/backport-network-networkd-address-don-t-set-up-firewall-rules.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d4bebb2d7360ebd978c6e92f470408e43310695d
--- /dev/null
+++ b/backport-network-networkd-address-don-t-set-up-firewall-rules.patch
@@ -0,0 +1,31 @@
+From 58c6e75f263a1562f5550221af1ec1a9b6046143 Mon Sep 17 00:00:00 2001
+From: Topi Miettinen <toiwoton@gmail.com>
+Date: Mon, 4 Dec 2023 21:49:12 +0200
+Subject: [PATCH] network/networkd-address: don't set up firewall rules here
+
+Don't set up firewall rules when we're just initializing the firewall context
+for NFT sets.
+
+Fixes: #30257
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/58c6e75f263a1562f5550221af1ec1a9b6046143
+---
+ src/network/networkd-address.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
+index c1a8cd884..707113767 100644
+--- a/src/network/networkd-address.c
++++ b/src/network/networkd-address.c
+@@ -645,7 +645,7 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon
+         assert(nft_set_context);
+ 
+         if (!address->link->manager->fw_ctx) {
+-                r = fw_ctx_new(&address->link->manager->fw_ctx);
++                r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
+                 if (r < 0)
+                         return;
+         }
+-- 
+2.33.0
+
diff --git a/systemd.spec b/systemd.spec
index 9f2ac9f41b91f3dcee242c851461f688adc8923a..70fb71391ecb3a9d783f75c78c27fa469e0125b7 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@
 Name:           systemd
 Url:            https://systemd.io/
 Version:        255
-Release:        26
+Release:        27
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -74,6 +74,7 @@ Patch6020:      backport-systemctl-fix-printing-of-RootImageOptions.patch
 Patch6021:      backport-pid1-add-env-var-to-override-default-mount-rate-limit-interval.patch
 Patch6022:      backport-core-escape-spaces-in-paths-during-serialization.patch
 Patch6023:      backport-core-escape-spaces-when-serializing-as-well.patch
+Patch6024:      backport-network-networkd-address-don-t-set-up-firewall-rules.patch
 
 Patch9008:      update-rtc-with-system-clock-when-shutdown.patch
 Patch9009:      udev-add-actions-while-rename-netif-failed.patch
@@ -1663,6 +1664,10 @@ fi
 %{_unitdir}/veritysetup.target
 
 %changelog
+* Mon Dec 09 2024 zhangyao <zhangyao108@huawei.com> - 255-27
+- DESC:network networkd address does not set up firewall rules
+       add backport-network-networkd-address-don-t-set-up-firewall-rules.patch
+
 * Mon Dec 09 2024 zhangyao <zhangyao108@huawei.com> - 255-26
 - DESC:escape spaces during serialization