diff --git a/manifests/init.pp b/manifests/init.pp
index 6ffb172..b280a06 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -20,6 +20,21 @@ class iptables(
 
   include ::iptables::params
 
+  # This is to work-around rhbz#1327786 ; the iptables-service package
+  # incorrectly "provides" an old iptables version and confuses rpm,
+  # making it uninstallable (this was apparently done as part of a
+  # package-split).  Pre-installing the iptables instead of leaving it
+  # up to the dependency resolver works-around this.
+  # 2016-12-20 : fixed in iptables-1.6.0-3.fc26 so we can remove this
+  # when we've moved past F25
+  if $::operatingsystem == 'Fedora' {
+    package { 'iptables-actual':
+      ensure => present,
+      name   => 'iptables',
+      before => Package['iptables']
+    }
+  }
+
   package { 'iptables':
     ensure => present,
     name   => $::iptables::params::package_name,