diff --git a/libnetwork/iptables/firewalld.go b/libnetwork/iptables/firewalld.go
index 8b9db66f51..c659c94dc6 100644
--- a/libnetwork/iptables/firewalld.go
+++ b/libnetwork/iptables/firewalld.go
@@ -243,8 +243,13 @@ func setupDockerZone() error {
 return nil
 }
-// AddInterfaceFirewalld adds the interface to the trusted zone
+// AddInterfaceFirewalld adds the interface to the trusted zone. It is a
+// no-op if firewalld is not running.
 func AddInterfaceFirewalld(intf string) error {
+ if !firewalldRunning {
+ return nil
+ }
+
 var intfs []string
 // Check if interface is already added to the zone
 if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
@@ -264,8 +269,13 @@ func AddInterfaceFirewalld(intf string) error {
 return nil
 }
-// DelInterfaceFirewalld removes the interface from the trusted zone
+// DelInterfaceFirewalld removes the interface from the trusted zone It is a
+// no-op if firewalld is not running.
 func DelInterfaceFirewalld(intf string) error {
+ if !firewalldRunning {
+ return nil
+ }
+
 var intfs []string
 // Check if interface is part of the zone
 if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
index d88caa9c99..f13a91f530 100644
--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
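Review bot: The doc comments on AddInterfaceFirewalld and DelInterfaceFirewalld still say "trusted zone", while both bodies pass `dockerZone` to the `zone.getInterfaces` call, so the comment appears to name a different zone than the code uses. The zone a bridge interface belongs to decides how firewalld filters its traffic, so the wording matters to anyone auditing the host firewall. Consider `// AddInterfaceFirewalld adds the interface to the firewalld zone named by dockerZone. It is a` and the matching wording on the Del variant. The value of dockerZone is defined outside these hunks, so confirm it before rewording; both function bodies continue past their hunks.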
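Review bot: The new comment on DelInterfaceFirewalld is missing the period between its two sentences ("trusted zone It is a"). It should read `// DelInterfaceFirewalld removes the interface from the trusted zone. It is a`, matching the punctuation used on AddInterfaceFirewalld. The function body continues past the hunk.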
@@ -203,16 +203,14 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 return errors.New("could not program chain, missing chain name")
 }
- // Either add or remove the interface from the firewalld zone
- if firewalldRunning {
- if enable {
- if err := AddInterfaceFirewalld(bridgeName); err != nil {
- return err
- }
- } else {
- if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
- return err
- }
+ // Either add or remove the interface from the firewalld zone, if firewalld is running.
+ if enable {
+ if err := AddInterfaceFirewalld(bridgeName); err != nil {
+ return err
+ }
+ } else {
+ if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
+ return err
 }
 }
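Review bot: The `else { if … }` nesting kept on the new side can be flattened to `} else if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {`, which removes one indent level now that the outer `if firewalldRunning` wrapper is gone. The comment could also say where the check now lives, for example `// Add or remove the bridge from the firewalld zone; both helpers are no-ops when firewalld is not running.`, so a reader does not look for the guard in this function. ProgramChain starts before and continues after this hunk.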