diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
index 502845f33f..d08c3d56d3 100644
--- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
+++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
@@ -79,7 +79,7 @@ outputs:
             - when: nftablesconf is changed
               block:
                 - name: Flush Nftables rules when nftables.conf changed
-                  command: /usr/sbin/nft flush ruleset
+                  shell: if [[ -x /usr/sbin/nft ]]; then /usr/sbin/nft flush ruleset; fi
                 - name: Restart iptables to restore firewall after flushing nftables
                   systemd:
                     state: reloaded