diff --git a/roles/koji_builder/files/network.conf b/roles/koji_builder/files/network.conf
new file mode 100644
index 0000000000..1998199594
--- /dev/null
+++ b/roles/koji_builder/files/network.conf
@@ -0,0 +1,29 @@
+# Master configuration file for the network driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# firewall_backend:
+#
+# determines which subsystem to use to setup firewall packet
+# filtering rules for virtual networks.
+#
+# Supported settings:
+#
+# iptables - use iptables commands to construct the firewall
+# nftables - use nft commands to construct the firewall
+#
+# If firewall_backend isn't configured, libvirt will choose the
+# first available backend from the following list:
+#
+# [nftables, iptables]
+#
+# If no backend is available on the host, then the network driver
+# will fail to start, and an error will be logged.
+#
+# (NB: switching from one backend to another while there are active
+# virtual networks *is* supported. The change will take place the
+# next time that libvirtd/virtnetworkd is restarted - all existing
+# virtual networks will have their old firewalls removed, and then
+# reloaded using the new backend.)
+#
+firewall_backend = "iptables"
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 97f3ac6147..9a4a4492f9 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -236,6 +236,23 @@
 - koji_builder
 when: env != "staging"
 
+# install libvirt/network.conf
+#
+# The default in f41+ is to use nftables, but it's not compatible with the
+# iptables setup we are using on the builders for some reason.
+# So, switch back to iptables until we switch to nftables, or move everying
+# away from oz/Imagefactory so we don't need virt instances for image builds
+# anymore.
+
+- name: install libvirt/network.conf
+ copy: src=network.conf dest=/etc/libvirt/network.conf
+ notify:
+ - restart virtnetworkd
+ - restart libvirtd
+ tags:
+ - koji_builder
+ when: env != "staging"
+
 #
 # On primary we want to make a /mnt/koji link to /mnt/fedora_koji/koji
 #
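Review bot: The new `copy` task writes `/etc/libvirt/network.conf` without `owner`, `group` or `mode`, so the ownership and permissions of the file that selects libvirt's firewall backend are whatever the existing file or the target's umask happens to give. The task should pin them and use the native YAML argument form instead of the `key=value` string, as sketched below. The `when: env != "staging"` condition also leaves staging builders on the f41+ nftables default, so the override is not exercised before it reaches production builders; if that is intended, the comment above the task should say so. The `restart virtnetworkd` and `restart libvirtd` handlers are not part of this diff, so confirm both are defined in the role's handlers.

```yaml
- name: install libvirt/network.conf
  copy:
    src: network.conf
    dest: /etc/libvirt/network.conf
    owner: root
    group: root
    mode: "0644"  # confirm against the mode the libvirt package ships
  # … unchanged: notify, tags, when …
```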