diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index ce9ea3f34..2a5174c36 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -111,6 +111,7 @@ optional_policy(`
 
 optional_policy(`
 	firewalld_read_config_files(iptables_t)
+	firewalld_read_var_run_files(iptables_t)
 	firewalld_dontaudit_rw_tmp_files(iptables_t)
 ')