diff --git a/modules/iptables/manifests/init.pp b/modules/iptables/manifests/init.pp
index c7c95373d1..576ce16ed0 100644
--- a/modules/iptables/manifests/init.pp
+++ b/modules/iptables/manifests/init.pp
@@ -23,12 +23,21 @@ class iptables(
     name   => $::iptables::params::package_name,
   }
 
-  service { 'iptables':
-    name       => $::iptables::params::service_name,
-    require    => Package['iptables'],
-    hasstatus  => $::iptables::params::service_has_status,
-    status     => $::iptables::params::service_status_cmd,
-    hasrestart => $::iptables::params::service_has_restart,
+  if ($::in_chroot) {
+    notify { 'iptables in chroot':
+      message => 'Iptables not refreshed, running in chroot',
+    }
+    $notify_iptables = []
+  }
+  else {
+    service { 'iptables':
+      name       => $::iptables::params::service_name,
+      require    => Package['iptables'],
+      hasstatus  => $::iptables::params::service_has_status,
+      status     => $::iptables::params::service_status_cmd,
+      hasrestart => $::iptables::params::service_has_restart,
+    }
+    $notify_iptables = Service['iptables']
   }
 
   file { $::iptables::params::rules_dir:
@@ -49,7 +58,7 @@ class iptables(
       File[$::iptables::params::rules_dir],
     ],
     # When this file is updated, make sure the rules get reloaded.
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
   }
 
   file { $::iptables::params::ipv4_rules:
@@ -59,7 +68,7 @@ class iptables(
     mode    => '0640',
     target  => "${::iptables::params::rules_dir}/rules",
     require => File["${::iptables::params::rules_dir}/rules"],
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
   }
 
   file { $::iptables::params::ipv6_rules:
@@ -73,7 +82,7 @@ class iptables(
       File[$::iptables::params::rules_dir],
     ],
     # When this file is updated, make sure the rules get reloaded.
-    notify  => Service['iptables'],
+    notify  => $notify_iptables,
     replace => true,
   }
 }