diff --git a/ironic_inspector/pxe_filter/base.py b/ironic_inspector/pxe_filter/base.py
index 1612e9181..3e0901b00 100644
--- a/ironic_inspector/pxe_filter/base.py
+++ b/ironic_inspector/pxe_filter/base.py
@@ -218,6 +218,11 @@ def _driver_manager():
     global _DRIVER_MANAGER
 
     name = CONF.pxe_filter.driver
+    # FIXME(milan): to be removed after the transition period of deprecating
+    # the firewall option group
+    if name == 'iptables' and not CONF.iptables.manage_firewall:
+        name = 'noop'
+
     if _DRIVER_MANAGER is None:
         _DRIVER_MANAGER = stevedore.driver.DriverManager(
             _STEVEDORE_DRIVER_NAMESPACE,
diff --git a/ironic_inspector/test/unit/test_pxe_filter.py b/ironic_inspector/test/unit/test_pxe_filter.py
index 7ed1a8566..8b5277022 100644
--- a/ironic_inspector/test/unit/test_pxe_filter.py
+++ b/ironic_inspector/test/unit/test_pxe_filter.py
@@ -64,6 +64,20 @@ class TestDriverManager(test_base.BaseTest):
         self.stevedore_driver_mock.assert_not_called()
         self.assertIs(pxe_filter._DRIVER_MANAGER, driver_manager)
 
+    def test_manage_firewall(self):
+        # FIXME(milan): to be removed after the transition period of
+        # deprecating the firewall option group
+        # NOTE(milan) the default filter driver is iptables
+        # this should revert it to noop
+        CONF.set_override('manage_firewall', False, 'iptables')
+        driver_manager = pxe_filter._driver_manager()
+        self.stevedore_driver_mock.assert_called_once_with(
+            pxe_filter._STEVEDORE_DRIVER_NAMESPACE,
+            name='noop',
+            invoke_on_load=True)
+        self.assertIsNotNone(driver_manager)
+        self.assertIs(pxe_filter._DRIVER_MANAGER, driver_manager)
+
 
 class TestDriverManagerLoading(test_base.BaseTest):
     def setUp(self):