diff --git a/manifests/init.pp b/manifests/init.pp
index 81f4a1f..01de6b7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -39,6 +39,17 @@ class iptables(
 enable => true,
 }
 $notify_iptables = Service['iptables']
+
+ # On centos 7 firewalld and iptables-service confuse each other and you
+ # end up with no firewall rules at all. Disable firewalld so that
+ # iptables-service can be in charge.
+ if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') {
+ service { 'firewalld':
+ ensure => 'stopped',
+ enable => false,
+ before => Package['iptables'],
+ }
+ }
 }
 file { $::iptables::params::rules_dir:
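Review bot: The version guard `$::operatingsystemmajrelease >= '7'` compares two strings, and depending on the Puppet parser in use this may be a lexical rather than a numeric comparison, so a two-digit major release such as '10' could evaluate as lower than '7' and leave firewalld running. Since the added comment gives the failure mode as a host with no firewall rules at all, the guard should be unambiguous: `if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemmajrelease, '7') >= 0) {`. The condition also matches every RedHat-family platform at release 7 or later, not only CentOS 7 as the comment says, so the comment should state that or the test should be narrowed. Separately, `before => Package['iptables']` orders the stop only against the package; whether the iptables service is guaranteed to load its rules after firewalld has stopped depends on dependencies declared outside this hunk, as the class body starts and ends beyond it.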