diff --git a/conf/systemd/packetfence-firewalld.service b/conf/systemd/packetfence-firewalld.service
index 6e7e2ad0f2e8..1d9c4f6f08e6 100644
--- a/conf/systemd/packetfence-firewalld.service
+++ b/conf/systemd/packetfence-firewalld.service
@@ -16,6 +16,7 @@ ExecStartPre=/bin/bash -c "/bin/rm -rf /usr/lib/systemd/system/firewalld.service
 ExecStartPre=/bin/perl -I/usr/local/pf/lib -I/usr/local/pf/lib_perl/lib/perl5 '-Mpf::firewalld' '-Mpf::config' -e 'pf::firewalld::firewalld_generate_pfconf_configs()'
 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS --system-config /usr/local/pf/var/conf/firewalld --default-config /usr/local/pf/var/conf/firewalld
 ExecStartPost=/bin/perl -I/usr/local/pf/lib -I/usr/local/pf/lib_perl/lib/perl5 '-Mpf::firewalld' '-Mpf::config' -e 'pf::firewalld::firewalld_generate_configs()'
+ExecStop=/bin/perl -I/usr/local/pf/lib -I/usr/local/pf/lib_perl/lib/perl5 '-Mpf::firewalld' '-Mpf::config' '-Mpf::services::manager::firewalld' -e 'pf::services::manager::firewalld->_stop()'
 ExecReload=/bin/kill -HUP $MAINPID
 # supress to log debug and error output also to /var/log/messages
diff --git a/lib/pf/services/manager/firewalld.pm b/lib/pf/services/manager/firewalld.pm
index 350492a7b329..b47dbe4ed4d3 100644
--- a/lib/pf/services/manager/firewalld.pm
+++ b/lib/pf/services/manager/firewalld.pm
@@ -92,7 +92,7 @@ Wrapper around systemctl. systemctl should in turn call the actual _stop.
 =cut
 sub stop {
- my ($self) = @_;
+ #my ($self) = @_;
 system('sudo systemctl stop packetfence-firewalld');
 return 1;
 }
@@ -104,12 +104,12 @@ stop firewalld
 =cut
 sub _stop {
- my ($self) = @_;
+ #my ($self) = @_;
 my $logger = get_logger();
+ pf_run("sudo systemctl stop packetfence-firewalld");
 pf_run("sudo iptables -F");
 pf_run("sudo iptables -X");
 pf_run("sudo iptables -t nat -F");
- pf_run("sudo iptables -t nat -X");
 pf_run("sudo iptables -t mangle -F");
 pf_run("sudo iptables -t mangle -X");
 pf_run("sudo iptables -P INPUT ACCEPT");
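Review bot: The `ExecStop=` line added to packetfence-firewalld.service should carry a comment saying that stopping the unit leaves the host fail-open. With this line every stop of the unit, including the stop phase of a restart, runs `_stop()`, and the firewalld.pm hunks of this commit show that routine flushing the filter, nat and mangle tables and setting the INPUT policy to ACCEPT. An operator reading only the unit cannot see that, so I would add above the line something like `# ExecStop flushes the iptables rules and sets the INPUT policy to ACCEPT (see pf::services::manager::firewalld::_stop)`.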
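Review bot: In `sub stop` (hunk at -92) the argument unpacking is commented out instead of removed, and the same `#my ($self) = @_;` line is left behind in `sub _stop` (hunk at -104). Commented-out code reads as unfinished work and says nothing about why the invocant is no longer used. Delete the line in both subs; in `_stop`, a comment such as `# also invoked as a class method from the unit's ExecStop; invocant unused` would record the reason.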
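Review bot: The added `pf_run("sudo systemctl stop packetfence-firewalld");` at the top of `_stop` (hunk at -104) asks systemd to stop the same unit whose new `ExecStop=` calls `_stop()`. `systemctl stop` waits for the stop job by default, and that job cannot finish until ExecStop returns, so if `pf_run` blocks on the command this likely stalls until the unit's stop timeout, and the iptables flush and Docker rule restoration that follow may never run. I would drop the line from `_stop` and keep the systemctl call in the `stop` wrapper only, or, if `_stop` has callers outside the unit, use `pf_run("sudo systemctl --no-block stop packetfence-firewalld");`. The body of `_stop` continues past this hunk.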
@@ -120,7 +120,6 @@ sub _stop {
 pf_run("sudo iptables -t nat -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER");
 pf_run("sudo iptables -t nat -A POSTROUTING -s 100.64.0.0/10 ! -o docker0 -j MASQUERADE");
 pf_run("sudo iptables -t nat -A DOCKER -i docker0 -j RETURN");
- pf_run("sudo systemctl stop packetfence-firewalld");
 return 1;
 }