diff --git a/files/default/neutron-enable-bridge-firewall.sh b/files/default/neutron-enable-bridge-firewall.sh
new file mode 100644
index 00000000..a6741152
--- /dev/null
+++ b/files/default/neutron-enable-bridge-firewall.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# this script is intentionally reduced to an exit call to eliminate the
+# automatic invocation of iptables.
+# lp: https://bugs.launchpad.net/neutron/+bug/1622914
+# bz: https://bugzilla.redhat.com/show_bug.cgi?id=1421022
+exit 0
diff --git a/recipes/default.rb b/recipes/default.rb
index ab36fd66..3c8137aa 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -73,6 +73,15 @@ template '/etc/neutron/rootwrap.conf' do
   )
 end
 
+cookbook_file '/usr/bin/neutron-enable-bridge-firewall.sh' do
+  source 'neutron-enable-bridge-firewall.sh'
+  owner 'root'
+  group 'wheel'
+  mode '0755'
+  action :create
+  only_if { node['platform_family'] == 'redhat' }
+end
+
 if node['openstack']['mq']['service_type'] == 'rabbit'
   node.default['openstack']['network']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'network'
 end