diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp
index 7f32cc1..3ca648d 100644
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@@ -171,13 +171,24 @@ class firewall::common::iptables {
         require => Package["iptables"],
         notify  => Service["iptables"],
     }
+    case $::operatingsystem {
+        "ubuntu": {
+            if versioncmp($::operatingsystemrelease, "16.04") < 0 {
+                $service = "iptables-persistent"
+            } else {
+                $service = "netfilter-persistent"
+            }
+        }
+        "debian": {
+            $service = "iptables-persistent"
+        }
+        default: {
+            $service = "iptables"
+        }
+    }
     service { "iptables":
         ensure  => running,
-        name    => $::operatingsystem ? {
-            "debian" => "iptables-persistent",
-            "ubuntu" => "iptables-persistent",
-            default  => "iptables",
-        },
+        name    => $service,
         alias   => $::operatingsystem ? {
             "debian" => "ip6tables",
             "ubuntu" => "ip6tables",