diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
index 72537f1..935ccb0 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
@@ -120,9 +120,7 @@
 22
 23
 24
-25
-26
-27</pre>
+25</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/firewall/iptables.pp', line 6</span>
@@ -130,23 +128,21 @@
 class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
-  if $ssh_use_firewall == true {
-    firewall { &quot;${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}&quot;:
-      ensure =&gt; &#39;present&#39;,
-      proto  =&gt; &#39;tcp&#39;,
-      source =&gt; $ssh_source_range,
-      dport  =&gt; $ssh_fw_port,
-      jump   =&gt; &#39;accept&#39;,
+  case $ssh_use_firewall {
+    true, &#39;true&#39;, &#39;yes&#39;, &#39;1&#39;: {
+      $ssh_fw_ensure = &#39;present&#39;
+    }
+    default: {
+      $ssh_fw_ensure = &#39;absent&#39;
     }
   }
-  if $ssh_use_firewall == false {
-    firewall { &quot;${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}&quot;:
-      ensure =&gt; &#39;absent&#39;,
-      proto  =&gt; &#39;tcp&#39;,
-      source =&gt; $ssh_source_range,
-      dport  =&gt; $ssh_fw_port,
-      jump   =&gt; &#39;accept&#39;,
-    }
+
+  firewall { &quot;${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}&quot;:
+    ensure =&gt; $ssh_fw_ensure,
+    proto  =&gt; &#39;tcp&#39;,
+    source =&gt; $ssh_source_range,
+    dport  =&gt; $ssh_fw_port,
+    jump   =&gt; &#39;accept&#39;,
   }
 }</pre>
       </td>
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 42da410..4e67d60 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -6,22 +6,20 @@
 class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
-  if $ssh_use_firewall == true {
-    firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
-      ensure => 'present',
-      proto  => 'tcp',
-      source => $ssh_source_range,
-      dport  => $ssh_fw_port,
-      jump   => 'accept',
+  case $ssh_use_firewall {
+    true, 'true', 'yes', '1': {
+      $ssh_fw_ensure = 'present'
+    }
+    default: {
+      $ssh_fw_ensure = 'absent'
     }
   }
-  if $ssh_use_firewall == false {
-    firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
-      ensure => 'absent',
-      proto  => 'tcp',
-      source => $ssh_source_range,
-      dport  => $ssh_fw_port,
-      jump   => 'accept',
-    }
+
+  firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
+    ensure => $ssh_fw_ensure,
+    proto  => 'tcp',
+    source => $ssh_source_range,
+    dport  => $ssh_fw_port,
+    jump   => 'accept',
   }
 }