diff --git a/iptables.init b/iptables.init
index 7d941ec..663d82b 100755
--- a/iptables.init
+++ b/iptables.init
@@ -27,7 +27,8 @@ IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
 IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
 [ "$IPV" = "ip" ] && _IPV="ipv4" || _IPV="ipv6"
 PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
-VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
+RUN_SUBSYS=/run/lock/subsys
+RUN_SUBSYS_IPTABLES=${RUN_SUBSYS}/${IPTABLES}
 
 if [ ! -x /sbin/$IPTABLES ]; then
     echo -n $"${IPTABLES}: /sbin/$IPTABLES does not exist."; warning; echo
@@ -208,8 +209,9 @@ start() {
 	[ $ret -eq 0 ] && success || failure
 	echo
     fi
-    
-    touch $VAR_SUBSYS_IPTABLES
+
+    mkdir -p $RUN_SUBSYS
+    touch $RUN_SUBSYS_IPTABLES
     return $ret
 }
 
@@ -241,7 +243,7 @@ stop() {
 	echo
     fi
     
-    rm -f $VAR_SUBSYS_IPTABLES
+    rm -f $RUN_SUBSYS_IPTABLES
     return $ret
 }
 
@@ -282,7 +284,7 @@ save() {
 }
 
 status() {
-    if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
+    if [ ! -f "$RUN_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
 	echo $"${IPTABLES}: Firewall is not running."
 	return 3
     fi
@@ -325,7 +327,7 @@ restart() {
 
 case "$1" in
     start)
-	[ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
+	[ -f "$RUN_SUBSYS_IPTABLES" ] && exit 0
 	start
 	RETVAL=$?
 	;;
@@ -339,7 +341,7 @@ case "$1" in
 	RETVAL=$?
 	;;
     condrestart|try-restart)
-	[ ! -e "$VAR_SUBSYS_IPTABLES" ] && exit 0
+	[ ! -e "$RUN_SUBSYS_IPTABLES" ] && exit 0
 	restart
 	RETVAL=$?
 	;;
diff --git a/iptables.spec b/iptables.spec
index b09d6f2..1448f1c 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -7,7 +7,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.21
-Release: 12%{?dist}
+Release: 13%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -221,6 +221,9 @@ done
 
 
 %changelog
+* Mon Nov 03 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-13
+- iptables.init: use /run/lock/subsys/ instead of /var/lock/subsys/ (RHBZ#1159573)
+
 * Mon Sep 29 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-12
 - ip[6]tables.init: change shebang from /bin/sh to /bin/bash (RHBZ#1147272)