diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 8f2ec67d05..f326f56827 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -251,6 +251,16 @@
   - baseiptables|bool
   - not nftables
 
+- name: Iptables service disabled
+  service: name=iptables state=stopped enabled=false
+  tags:
+  - iptables
+  - service
+  - base
+  when:
+  - baseiptables|bool
+  - nftables
+
 - name: Nftables service enabled
   service: name=nftables state=started enabled=true
   tags:
@@ -290,6 +300,16 @@
   - baseiptables|bool
   - not nftables
 
+- name: Ip6tables service disabled
+  service: name=ip6tables state=stopped enabled=false
+  tags:
+  - ip6tables
+  - service
+  - base
+  when:
+  - baseiptables|bool
+  - nftables
+
 - name: Enable journald persistence
   ansible.builtin.file: path=/var/log/journal state=directory
         owner=root group=systemd-journal mode=2755
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 5b75bb0ff6..464a2bac7b 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -394,6 +394,13 @@
   - koji_builder
   - koji_builder/osbuildapi
 
+- name: Remove cron job to run osbuild api ip update script.
+  ansible.builtin.file: path=/etc/cron.d/osbuildapi-update.cron state=absent
+  when: nftables
+  tags:
+  - koji_builder
+  - koji_builder/osbuildapi
+
 - name: Install script to update osbuild api ip in the firewall (nftables)
   ansible.builtin.template: src=osbuildapi-update-nft.sh dest=/usr/local/bin/osbuildapi-update-nft.sh mode=755
   when: nftables