diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 9e03cc4014ff7365806ba6b5e375a3770338dd47..45f7789aceb1e1b6d70a0399ffc3cf382d832769 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -60,6 +60,7 @@ static int
 virIpTablesOnceInit(void)
 {
     virCommandPtr cmd;
+    int status;
 
 #if HAVE_FIREWALLD
     firewall_cmd_path = virFindFileInPath("firewall-cmd");
@@ -70,7 +71,8 @@ virIpTablesOnceInit(void)
         cmd = virCommandNew(firewall_cmd_path);
 
         virCommandAddArgList(cmd, "--state", NULL);
-        if (virCommandRun(cmd, NULL) < 0) {
+        /* don't log non-zero status */
+        if (virCommandRun(cmd, &status) < 0 || status != 0) {
             VIR_INFO("firewall-cmd found but disabled for iptables");
             VIR_FREE(firewall_cmd_path);
             firewall_cmd_path = NULL;
@@ -87,7 +89,8 @@ virIpTablesOnceInit(void)
 
     cmd = virCommandNew(IPTABLES_PATH);
     virCommandAddArgList(cmd, "-w", "-L", "-n", NULL);
-    if (virCommandRun(cmd, NULL) < 0) {
+    /* don't log non-zero status */
+    if (virCommandRun(cmd, &status) < 0 || status != 0) {
         VIR_INFO("xtables locking not supported by your iptables");
     } else {
         VIR_INFO("using xtables locking for iptables");