diff --git a/ironic_inspector/firewall.py b/ironic_inspector/firewall.py index be8cb4bd3..c8e403602 100644 --- a/ironic_inspector/firewall.py +++ b/ironic_inspector/firewall.py @@ -135,7 +135,7 @@ def _temporary_chain(chain, main_chain): def _disable_dhcp(): """Disable DHCP completely.""" - global ENABLED + global ENABLED, BLACKLIST_CACHE if not ENABLED: LOG.debug('DHCP is already disabled, not updating') @@ -143,6 +143,7 @@ def _disable_dhcp(): LOG.debug('No nodes on introspection and node_not_found_hook is ' 'not set - disabling DHCP') + BLACKLIST_CACHE = None with _temporary_chain(NEW_CHAIN, CHAIN): # Blacklist everything _iptables('-A', NEW_CHAIN, '-j', 'REJECT') diff --git a/ironic_inspector/test/unit/test_firewall.py b/ironic_inspector/test/unit/test_firewall.py index 27f27d12d..d0d0a5caa 100644 --- a/ironic_inspector/test/unit/test_firewall.py +++ b/ironic_inspector/test/unit/test_firewall.py @@ -288,6 +288,9 @@ class TestFirewall(test_base.NodeTest): mock_get_client, mock_iptables): firewall.init() + firewall.BLACKLIST_CACHE = ['foo'] + mock_get_client.return_value.port.list.return_value = [ + mock.Mock(address='foobar')] update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', @@ -317,6 +320,8 @@ class TestFirewall(test_base.NodeTest): call_args_list): self.assertEqual(args, call[0]) + self.assertIsNone(firewall.BLACKLIST_CACHE) + # Check caching enabled flag mock_iptables.reset_mock() @@ -330,3 +335,4 @@ class TestFirewall(test_base.NodeTest): firewall.update_filters() mock_iptables.assert_any_call('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT') + self.assertEqual({'foobar'}, firewall.BLACKLIST_CACHE) diff --git a/releasenotes/notes/firewall-rerun-f2d0f64cca2698ff.yaml b/releasenotes/notes/firewall-rerun-f2d0f64cca2698ff.yaml new file mode 100644 index 000000000..65068a281 --- /dev/null +++ b/releasenotes/notes/firewall-rerun-f2d0f64cca2698ff.yaml 
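Review bot: The added `BLACKLIST_CACHE = None` in the second firewall.py hunk (`_disable_dhcp()`, just before `with _temporary_chain(NEW_CHAIN, CHAIN):`) has no comment explaining why the cache is dropped, and the line alone does not say. I would put above it `# The chain is about to become a blanket REJECT, so the cached blacklist no longer matches the live rules; drop it so the next update rebuilds them.` The reset happens before the `_iptables` calls, so a failure there leaves the cache cleared; that looks like the safe direction (a forced rebuild rather than stale filter state), and the comment could say so. Whether `ENABLED` and `BLACKLIST_CACHE` are written under a lock cannot be seen here, because the function body continues outside both hunks.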
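Review bot: The first test_firewall.py hunk seeds the cache with a list, `firewall.BLACKLIST_CACHE = ['foo']`, while the assertion added in the last hunk expects a set (`{'foobar'}`), so the seeded value does not have the type the module appears to store; `firewall.BLACKLIST_CACHE = {'foo'}` would match. The assignment also writes a module global directly, and nothing visible in these hunks restores it, so the `{'foobar'}` left at the end of the test may leak into other tests. Adding `self.addCleanup(setattr, firewall, 'BLACKLIST_CACHE', None)` right after the assignment would contain that. The test method starts and ends outside the hunks shown.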
@@ -0,0 +1,4 @@
+---
+fixes:
+ - Fixed a regression in the firewall code, which causes re-running
+ introspection for an already inspected node to fail.