diff --git a/doc/_index.html b/doc/_index.html
index b9c274a..f5b0f9a 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -73,6 +73,11 @@
       
             </li>
     
+            <li>
+      <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::confdroid_ssh::firewall::iptables (puppet_class)">confdroid_ssh::firewall::iptables</a></span>
+      
+            </li>
+    
             <li>
       <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aconfig.html" title="puppet_classes::confdroid_ssh::main::config (puppet_class)">confdroid_ssh::main::config</a></span>
       
diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html
index 87e5d2f..5557e96 100644
--- a/doc/puppet_class_list.html
+++ b/doc/puppet_class_list.html
@@ -43,49 +43,56 @@
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::main::config" class="even">
+    <li id="object_puppet_classes::confdroid_ssh::firewall::iptables" class="even">
+      <div class="item">
+        <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::confdroid_ssh::firewall::iptables (puppet_class)">confdroid_ssh::firewall::iptables</a></span>
+      </div>
+    </li>
+    
+
+    <li id="object_puppet_classes::confdroid_ssh::main::config" class="odd">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aconfig.html" title="puppet_classes::confdroid_ssh::main::config (puppet_class)">confdroid_ssh::main::config</a></span>
       </div>
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::main::dirs" class="odd">
+    <li id="object_puppet_classes::confdroid_ssh::main::dirs" class="even">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html" title="puppet_classes::confdroid_ssh::main::dirs (puppet_class)">confdroid_ssh::main::dirs</a></span>
       </div>
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::main::files" class="even">
+    <li id="object_puppet_classes::confdroid_ssh::main::files" class="odd">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html" title="puppet_classes::confdroid_ssh::main::files (puppet_class)">confdroid_ssh::main::files</a></span>
       </div>
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::main::install" class="odd">
+    <li id="object_puppet_classes::confdroid_ssh::main::install" class="even">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Amain_3A_3Ainstall.html" title="puppet_classes::confdroid_ssh::main::install (puppet_class)">confdroid_ssh::main::install</a></span>
       </div>
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::main::service" class="even">
+    <li id="object_puppet_classes::confdroid_ssh::main::service" class="odd">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html" title="puppet_classes::confdroid_ssh::main::service (puppet_class)">confdroid_ssh::main::service</a></span>
       </div>
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::params" class="odd">
+    <li id="object_puppet_classes::confdroid_ssh::params" class="even">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Aparams.html" title="puppet_classes::confdroid_ssh::params (puppet_class)">confdroid_ssh::params</a></span>
       </div>
     </li>
     
 
-    <li id="object_puppet_classes::confdroid_ssh::selinux::semanage" class="even">
+    <li id="object_puppet_classes::confdroid_ssh::selinux::semanage" class="odd">
       <div class="item">
         <span class='object_link'><a href="puppet_classes/confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html" title="puppet_classes::confdroid_ssh::selinux::semanage (puppet_class)">confdroid_ssh::selinux::semanage</a></span>
       </div>
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
index 515d544..0f23945 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
@@ -113,7 +113,16 @@
 15
 16
 17
-18</pre>
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/firewall/iptables.pp', line 6</span>
@@ -121,7 +130,7 @@
 class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
-  if $ssh_use_firewall {
+  if $ssh_use_firewall == true {
     firewall { &quot;${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}&quot;:
       ensure =&gt; &#39;present&#39;,
       proto  =&gt; &#39;tcp&#39;,
@@ -130,6 +139,15 @@ class confdroid_ssh::firewall::iptables (
       jump   =&gt; &#39;accept&#39;,
     }
   }
+  else {
+    firewall { &quot;${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}&quot;:
+      ensure =&gt; &#39;absent&#39;,
+      proto  =&gt; &#39;tcp&#39;,
+      source =&gt; $ssh_source_range,
+      dport  =&gt; $ssh_fw_port,
+      jump   =&gt; &#39;accept&#39;,
+    }
+  }
 }</pre>
       </td>
     </tr>
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 501f091..d7b6f9c 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -79,6 +79,8 @@
       
       <span class='object_link'><a href="confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html" title="puppet_classes::confdroid_ssh::selinux::semanage (puppet_class)">confdroid_ssh::selinux::semanage</a></span><br/>
       
+      <span class='object_link'><a href="confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::confdroid_ssh::firewall::iptables (puppet_class)">confdroid_ssh::firewall::iptables</a></span><br/>
+      
     </dd>
   </dl>
   
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 400b418..665441d 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -14,6 +14,7 @@ class confdroid_ssh::firewall::iptables (
       dport  => $ssh_fw_port,
       jump   => 'accept',
     }
+  }
   else {
     firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
       ensure => 'absent',
@@ -21,7 +22,7 @@ class confdroid_ssh::firewall::iptables (
       source => $ssh_source_range,
       dport  => $ssh_fw_port,
       jump   => 'accept',
-      }
     }
   }
 }
+