diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 7dd4aeabfe..e270c716b7 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -143,6 +143,13 @@
   - base
   when: not nftables
 
+- name: Ensure nftables is not installed
+  ansible.builtin.package: state=absent name=nftables
+  tags:
+  - packages
+  - base
+  when: not nftables
+
 - name: Ensure nftables is installed
   ansible.builtin.package: state=present name=nftables
   tags:
@@ -150,6 +157,13 @@
   - base
   when: nftables
 
+- name: Ensure iptables is not installed
+  ansible.builtin.package: state=absent name=iptables
+  tags:
+  - packages
+  - base
+  when: nftables
+
 - name: Ensure ipset is installed
   ansible.builtin.package: state=present name=ipset
   tags:
@@ -251,16 +265,6 @@
   - baseiptables|bool
   - not nftables
 
-- name: Iptables service disabled
-  service: name=iptables state=stopped enabled=false
-  tags:
-  - iptables
-  - service
-  - base
-  when:
-  - baseiptables|bool
-  - nftables
-
 - name: Nftables service enabled
   service: name=nftables state=started enabled=true
   tags:
@@ -271,16 +275,6 @@
   - baseiptables|bool
   - nftables
 
-- name: Nftables service disabled
-  service: name=nftables state=started enabled=false
-  tags:
-  - iptables
-  - service
-  - base
-  when:
-  - baseiptables|bool
-  - not nftables
-
 - name: Ip6tables
   ansible.builtin.template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
   with_first_found: