diff --git a/files/osbs/docker.firewall.service b/files/osbs/docker.firewall.service
new file mode 100644
index 0000000000..3000177f64
--- /dev/null
+++ b/files/osbs/docker.firewall.service
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPost=/usr/local/bin/fix-docker-iptables
diff --git a/files/osbs/docker.service b/files/osbs/docker.service
deleted file mode 100644
index 80544cf46a..0000000000
--- a/files/osbs/docker.service
+++ /dev/null
@@ -1,32 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=http://docs.docker.com
-After=network.target
-Wants=docker-storage-setup.service
-
-[Service]
-Type=notify
-NotifyAccess=all
-EnvironmentFile=-/etc/sysconfig/docker
-EnvironmentFile=-/etc/sysconfig/docker-storage
-EnvironmentFile=-/etc/sysconfig/docker-network
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/docker daemon \
-          --exec-opt native.cgroupdriver=systemd \
-          $OPTIONS \
-          $DOCKER_STORAGE_OPTIONS \
-          $DOCKER_NETWORK_OPTIONS \
-          $INSECURE_REGISTRY
-ExecStartPost=/usr/local/bin/fix-docker-iptables
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-MountFlags=slave
-StandardOutput=null
-StandardError=null
-TimeoutStartSec=0
-Restart=on-abnormal
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml
index d8f02dc92f..7c5622a486 100644
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@@ -656,10 +656,10 @@
       notify:
         - restart docker
 
-    - name: copy docker service config
+    - name: copy docker custom service config
       copy:
-        src: "{{files}}/osbs/docker.service"
-        dest: /etc/systemd/system/docker.service
+        src: "{{files}}/osbs/docker.firewall.service"
+        dest: /etc/systemd/system/docker.service.d/firewall.conf
       notify:
         - systemctl daemon-reload
         - restart docker