diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 9e2003b549..f5e29b588c 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -186,3 +186,19 @@ outputs:
 when:
 - step|int == 2
 - remove_neutron_openvswitch_package|bool
+ update_tasks:
+ # puppetlabs-firewall manages security rules via Puppet but make the rules
+ # consistent by default. Since Neutron also creates some rules, we don't
+ # want them to be consistent so we have to ensure that they're not stored
+ # into sysconfig.
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1541528
+ - name: Remove IPv4 iptables rules created by Neutron that are persistent
+ lineinfile: dest=/etc/sysconfig/iptables
+ regexp=".*neutron-"
+ state=absent
+ when: step|int == 5
+ - name: Remove IPv6 iptables rules created by Neutron that are persistent
+ lineinfile: dest=/etc/sysconfig/ip6tables
+ regexp=".*neutron-"
+ state=absent
+ when: step|int == 5
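Review bot: The `regexp=".*neutron-"` in both lineinfile tasks removes every line of /etc/sysconfig/iptables and /etc/sysconfig/ip6tables that contains `neutron-` anywhere, since lineinfile searches within the line and the leading `.*` narrows nothing. A Puppet-managed rule whose `--comment` text contains that substring would therefore be dropped from the persisted ruleset and would be absent after the next reload of the saved rules. Tie the pattern to the positions where a chain name appears, for example `regexp: '^(:|-A )neutron-| -j neutron-'` (to be checked against a real iptables-save dump), and add `backup: true` so the previous firewall file is kept. Writing the arguments as a native YAML mapping instead of a folded `key=value` string would also avoid quoting surprises in the pattern, and the comment's "consistent" presumably means "persistent". The enclosing `outputs:` mapping starts outside the hunk.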