diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
index 016938972..89b7ed92d 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@@ -352,10 +352,23 @@
     - 6385
   when: ansible_distribution not in ["CentOS", "RedHat"]
 
+- name: "Enable services in firewalld"
+  firewalld:
+    service: "{{ item }}"
+    zone: "{{ 'libvirt' if testing | bool else 'public' }}"
+    state: enabled
+    permanent: yes
+    immediate: yes
+  loop:
+    - dhcp
+    - dhcpv6
+    - tftp
+  when: ansible_distribution in ["CentOS", "RedHat"]
+
 - name: "Enable ports in firewalld"
   firewalld:
     port: "{{ item }}/tcp"
-    zone: "{{ 'libvirt' if testing else 'public' }}"
+    zone: "{{ 'libvirt' if testing | bool else 'public' }}"
     state: enabled
     permanent: yes
     immediate: yes
diff --git a/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml b/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
new file mode 100644
index 000000000..155e30397
--- /dev/null
+++ b/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Automatically enables DHCP and TFTP services in firewalld on CentOS/RHEL.