diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index f59a39aca..e4255ebbf 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -23,6 +23,10 @@ disable_firewalld:
 iptables_restore:
   cmd.run:
     - name: iptables-restore < /etc/sysconfig/iptables
+    - require:
+      - file: iptables_config
+    - onlyif:
+      - iptables-restore --test /etc/sysconfig/iptables
 
 enable_firewalld:
   service.running: