diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index d7b0dcf..42da410 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -15,7 +15,7 @@ class confdroid_ssh::firewall::iptables (
       jump   => 'accept',
     }
   }
-  if $ssh_use_firewall != true {
+  if $ssh_use_firewall == false {
     firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
       ensure => 'absent',
       proto  => 'tcp',
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index 7d1a318..46d850f 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -7,9 +7,7 @@ class confdroid_ssh::main::service (
 ) inherits confdroid_ssh::params {
   require confdroid_ssh::main::files
   require confdroid_ssh::selinux::semanage
-  if $ssh_use_firewall {
-    require confdroid_ssh::firewall::iptables
-  }
+  require confdroid_ssh::firewall::iptables
 
   service { $sshd_service:
     ensure     => running,