diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 42da410..4e67d60 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -6,22 +6,20 @@ class confdroid_ssh::firewall::iptables (
 ) inherits confdroid_ssh::params {
- if $ssh_use_firewall == true {
- firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
- ensure => 'present',
- proto => 'tcp',
- source => $ssh_source_range,
- dport => $ssh_fw_port,
- jump => 'accept',
+ case $ssh_use_firewall {
+ true, 'true', 'yes', '1': {
+ $ssh_fw_ensure = 'present'
+ }
+ default: {
+ $ssh_fw_ensure = 'absent'
 }
 }
- if $ssh_use_firewall == false {
- firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
- ensure => 'absent',
- proto => 'tcp',
- source => $ssh_source_range,
- dport => $ssh_fw_port,
- jump => 'accept',
- }
+
+ firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
+ ensure => $ssh_fw_ensure,
+ proto => 'tcp',
+ source => $ssh_source_range,
+ dport => $ssh_fw_port,
+ jump => 'accept',
 }
 }
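Review bot: The `default:` arm of the new `case $ssh_use_firewall` maps every unrecognised value to `ensure => 'absent'`, so a misspelt or unset setting silently removes the SSH accept rule, whereas the old code managed nothing unless the value was exactly `true` or `false`. On a host whose default input policy is drop (not visible here) that could cut off remote management, and nothing in the catalog run would say why. I would match the negative values explicitly with `false, 'false', 'no', '0': {` and make the fallback `default: { fail("ssh_use_firewall must be true or false, got '${ssh_use_firewall}'") }`. Declaring the parameter as `Boolean` would be cleaner still, but the class header starts above this hunk and params.pp is not part of it.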