diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec
index 5b9336135f..ea3e9406a2 100644
--- a/packaging/rpm/microshift.spec
+++ b/packaging/rpm/microshift.spec
@@ -218,6 +218,9 @@ sed -i -n -e '/^OPTIONS=/!p' -e '$aOPTIONS="--no-mlockall"' /etc/sysconfig/openv
 %systemd_post microshift-ovs-init.service
 systemctl is-active --quiet NetworkManager && systemctl restart --quiet NetworkManager || true
 systemctl enable --now --quiet openvswitch || true
+# configure the firewall rules for pods to intercommunicate
+systemctl is-active --quiet firewalld || firewall-offline-cmd -q --zone=trusted --add-source=10.42.0.0/16
+systemctl is-active --quiet firewalld && firewall-cmd         -q --zone=trusted --add-source=10.42.0.0/16
 
 %preun networking
 %systemd_preun microshift-ovs-init.service
diff --git a/scripts/image-builder/config/kickstart.ks.template b/scripts/image-builder/config/kickstart.ks.template
index 63c3bc7e92..b6c705447b 100644
--- a/scripts/image-builder/config/kickstart.ks.template
+++ b/scripts/image-builder/config/kickstart.ks.template
@@ -56,7 +56,4 @@ chmod 600 /home/redhat/.ssh/authorized_keys
 # Make sure redhat user directory contents ownership is correct
 chown -R redhat:redhat /home/redhat/
 
-# Configure the firewall
-firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16
-
 %end