diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 7ba53db30..c42fbc329 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -42,17 +42,11 @@ interface(`iptables_domtrans',`
 #
 interface(`iptables_run',`
 gen_require(`
- type iptables_t;
+ attribute_role iptables_roles;
 ')
 iptables_domtrans($1)
- role $2 types iptables_t;
-
- sysnet_run_ifconfig(iptables_t, $2)
-
- optional_policy(`
- modutils_run_insmod(iptables_t, $2)
- ')
+ roleattribute $2 iptables_roles;
 ')
 ########################################
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 4f8714674..48e7347e4 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -5,10 +5,13 @@ policy_module(iptables, 1.12.1)
 # Declarations
 #
+attribute_role iptables_roles;
+roleattribute system_r iptables_roles;
+
 type iptables_t;
 type iptables_exec_t;
 init_system_domain(iptables_t, iptables_exec_t)
-role system_r types iptables_t;
+role iptables_roles types iptables_t;
 type iptables_initrc_exec_t;
 init_script_file(iptables_initrc_exec_t)
@@ -87,7 +90,7 @@ logging_send_syslog_msg(iptables_t)
 miscfiles_read_localization(iptables_t)
-sysnet_domtrans_ifconfig(iptables_t)
+sysnet_run_ifconfig(iptables_t, iptables_roles)
 sysnet_dns_name_resolve(iptables_t)
 userdom_use_user_terminals(iptables_t)
@@ -107,7 +110,7 @@ optional_policy(`
 ')
 optional_policy(`
- modutils_domtrans_insmod(iptables_t)
+ modutils_run_insmod(iptables_t, iptables_roles)
 ')
 optional_policy(`
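Review bot: The interface doc block for `iptables_run` sits above this hunk and, as far as the hunk shows, is not updated to reflect that `$2` is now made a member of `iptables_roles` rather than being authorized for `iptables_t` directly; with the `sysnet_run_ifconfig` and `modutils_run_insmod` calls moved into iptables.te and keyed on that attribute, any role passed to this interface transitively receives the `ifconfig_t` and `insmod_t` role authorizations, which a policy author reading only the interface can no longer see. I would extend the `<param name="role">` description with something like `## Role to add to iptables_roles; also becomes authorized for ifconfig_t and insmod_t via iptables.te.` so the transitive grant is documented where callers look. The `gen_require` change itself is consistent with the new declaration in iptables.te, and the interface's closing `')` is inside the hunk while its doc comment begins outside it.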
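Review bot: Switching `sysnet_domtrans_ifconfig(iptables_t)` to `sysnet_run_ifconfig(iptables_t, iptables_roles)` widens the role side of the rule: previously only the roles explicitly passed to `iptables_run()` were authorized for `ifconfig_t`, whereas now every role in `iptables_roles` is, and this commit adds `system_r` to that attribute in the declarations hunk. This is presumably harmless because `system_r` is normally already authorized for `ifconfig_t` and `insmod_t` elsewhere in the policy, but the net effect is that adding any role to `iptables_roles` silently grants it the ability to transition to those two domains as well, so the attribute should be treated as an iptables-plus-helpers authorization rather than an iptables-only one. The same observation applies to the `modutils_run_insmod(iptables_t, iptables_roles)` hunk below. A one-line comment above the call, e.g. `# ifconfig/insmod role authorizations follow iptables_roles (see iptables_run in iptables.if)`, would make the coupling visible to the next maintainer.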