diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 665441d..42da410 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -15,7 +15,7 @@ class confdroid_ssh::firewall::iptables (
       jump   => 'accept',
     }
   }
-  else {
+  if $ssh_use_firewall == false {
     firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
       ensure => 'absent',
       proto  => 'tcp',
@@ -25,4 +25,3 @@ class confdroid_ssh::firewall::iptables (
     }
   }
 }
-