diff --git a/recipes/ml2_linuxbridge.rb b/recipes/ml2_linuxbridge.rb
index 6998c60b..8076bed5 100644
--- a/recipes/ml2_linuxbridge.rb
+++ b/recipes/ml2_linuxbridge.rb
@@ -40,6 +40,8 @@ node.default['openstack']['network']['plugins']['linuxbridge'].tap do |lb|
     '/etc/neutron/plugins/linuxbridge'
   lb['filename'] =
     'linuxbridge_conf.ini'
+  lb['conf']['securitygroup']['firewall_driver'] =
+    'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
 end
 
 include_recipe 'openstack-network::plugin_config'
diff --git a/spec/ml2_linuxbridge-redhat_spec.rb b/spec/ml2_linuxbridge-redhat_spec.rb
new file mode 100644
index 00000000..3d2a1ed4
--- /dev/null
+++ b/spec/ml2_linuxbridge-redhat_spec.rb
@@ -0,0 +1,63 @@
+# pkg upgrade
+
+# service
+
+# Encoding: utf-8
+require_relative 'spec_helper'
+
+describe 'openstack-network::ml2_linuxbridge' do
+  describe 'redhat' do
+    let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
+    let(:node) { runner.node }
+    let(:chef_run) do
+      runner.converge(described_recipe)
+    end
+
+    include_context 'neutron-stubs'
+
+    before do
+      node.set['openstack']['network']['plugins']['linuxbridge']['path'] =
+        '/etc/neutron/plugins/linuxbridge'
+      node.set['openstack']['network']['plugins']['linuxbridge']['filename'] =
+        'linuxbridge_conf.ini'
+    end
+    it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do
+      expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with(
+        owner: 'neutron',
+        group: 'neutron',
+        mode: 0700
+      )
+    end
+    it do
+      expect(chef_run).to include_recipe('openstack-network::plugin_config')
+    end
+
+    describe '/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini' do
+      let(:file) do
+        chef_run.template('/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini')
+      end
+      [
+        /^firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver$/
+      ].each do |line|
+        it do
+          expect(chef_run).to render_config_file(file.name)
+            .with_section_content('securitygroup', line)
+        end
+      end
+    end
+
+    it do
+      %w(openstack-neutron-linuxbridge iproute).each do |pkg|
+        expect(chef_run).to upgrade_package(pkg)
+      end
+    end
+
+    it do
+      expect(chef_run).to enable_service('neutron-linuxbridge-agent')
+    end
+    it do
+      service = chef_run.service('neutron-linuxbridge-agent')
+      expect(service).to(subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed) && subscribe_to('template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]').on(:restart).delayed
+    end
+  end
+end
diff --git a/spec/ml2_linuxbridge_spec.rb b/spec/ml2_linuxbridge_spec.rb
index 6cce9a5d..e7f608d9 100644
--- a/spec/ml2_linuxbridge_spec.rb
+++ b/spec/ml2_linuxbridge_spec.rb
@@ -33,6 +33,20 @@ describe 'openstack-network::ml2_linuxbridge' do
       expect(chef_run).to include_recipe('openstack-network::plugin_config')
     end
 
+    describe '/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini' do
+      let(:file) do
+        chef_run.template('/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini')
+      end
+      [
+        /^firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver$/
+      ].each do |line|
+        it do
+          expect(chef_run).to render_config_file(file.name)
+            .with_section_content('securitygroup', line)
+        end
+      end
+    end
+
     it do
       %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent).each do |pkg|
         expect(chef_run).to upgrade_package(pkg)