diff --git a/libnetwork/firewall_linux.go b/libnetwork/firewall_linux.go
index f2bb2f5e27..954fe01832 100644
--- a/libnetwork/firewall_linux.go
+++ b/libnetwork/firewall_linux.go
@@ -24,6 +24,11 @@ func (c *Controller) selectFirewallBackend() {
 // Sets up the DOCKER-USER chain for each iptables version (IPv4, IPv6) that's
 // enabled in the controller's configuration.
 func (c *Controller) setupUserChains() {
+ // There's no equivalent to DOCKER-USER in the nftables implementation.
+ if nftables.Enabled() {
+ return
+ }
+
 setup := func() error {
 var errs []error
 for _, ipVersion := range c.enabledIptablesVersions() {
diff --git a/libnetwork/firewall_linux_test.go b/libnetwork/firewall_linux_test.go
index 9bdbf27742..a6d51f723e 100644
--- a/libnetwork/firewall_linux_test.go
+++ b/libnetwork/firewall_linux_test.go
@@ -6,10 +6,10 @@ import (
 "strings"
 "testing"
- "github.com/docker/docker/libnetwork/drivers/bridge"
-
 "github.com/docker/docker/internal/testutils/netnsutils"
 "github.com/docker/docker/libnetwork/config"
+ "github.com/docker/docker/libnetwork/drivers/bridge"
+ "github.com/docker/docker/libnetwork/internal/nftables"
 "github.com/docker/docker/libnetwork/iptables"
 "github.com/docker/docker/libnetwork/netlabel"
 "github.com/docker/docker/libnetwork/options"
@@ -17,6 +17,7 @@ import (
 is "gotest.tools/v3/assert/cmp"
 "gotest.tools/v3/golden"
 "gotest.tools/v3/icmd"
+ "gotest.tools/v3/skip"
 )
 const (
@@ -71,6 +72,7 @@ func TestUserChain(t *testing.T) {
 }))
 assert.NilError(t, err)
 defer c.Stop()
+ skip.If(t, nftables.Enabled(), "nftables is enabled, skipping iptables test")
 // init. condition
 golden.Assert(t, getRules(t, iptable4, fwdChainName),
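Review bot: The early return at the top of setupUserChains is silent, so a host that relied on rules in DOCKER-USER to restrict traffic to containers gets no indication that the chain is no longer set up once nftables is enabled. Since that chain is where operators commonly put their own filtering, I would log this once at warning level through the logger this file already uses, and widen the comment, e.g. `// nftables has no DOCKER-USER equivalent; operator rules placed in that chain are not hooked in by this function.` Whether existing DOCKER-USER rules keep any effect in this mode is not visible from the hunk, so the message should say only that the chain is not managed. The rest of setupUserChains lies outside the hunk.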
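Review bot: The skip added to TestUserChain leaves the new nftables branch of setupUserChains without any assertion, so nothing checks that no DOCKER-USER chain is created when nftables is enabled. A small companion case that builds the controller under nftables and asserts the chain is absent would pin that behaviour. The skip also sits after the controller is constructed and `defer c.Stop()` is registered; if that order is needed because nftables.Enabled() only reflects the backend once the controller exists (not visible here), a comment such as `// Enabled() is only meaningful after the controller has selected its firewall backend.` would stop someone hoisting it to the top. TestUserChain starts and ends outside the hunk.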