diff --git a/SOURCES/scap-security-guide-0.1.33-drop_set_firewalld_default_zone_remediation.patch b/SOURCES/scap-security-guide-0.1.33-drop_set_firewalld_default_zone_remediation.patch
new file mode 100644
index 0000000..a080fd1
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.33-drop_set_firewalld_default_zone_remediation.patch
@@ -0,0 +1,26 @@
+From 8098e6e16c1b7a403c27744508c9892d482061fa Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Thu, 14 Sep 2017 19:07:46 +0200
+Subject: [PATCH] Drop firewalld default zone and sshd port fixes
+
+Providing a fix for 'firewalld_sshd_port_enabled' can be very complicated
+and will very likely not fit to everyone's use case. And because of that
+we drop remediation for 'set_firewalld_sshd_port', which is causing the
+remediated machine to refuse all connections.
+---
+ shared/templates/static/bash/set_firewalld_default_zone.sh      | 10 ----
+ 1 file changed, 10 deletions(-)
+ delete mode 100644 shared/templates/static/bash/set_firewalld_default_zone.sh
+
+diff --git a/shared/templates/static/bash/set_firewalld_default_zone.sh b/shared/templates/static/bash/set_firewalld_default_zone.sh
+deleted file mode 100644
+index ada8b68a7..000000000
+--- a/shared/templates/static/bash/set_firewalld_default_zone.sh
++++ /dev/null
+@@ -1,6 +0,0 @@
+-# platform = Red Hat Enterprise Linux 7
+-grep -q ^DefaultZone= /etc/firewalld/firewalld.conf && \
+-  sed -i "s/DefaultZone=.*/DefaultZone=drop/g" /etc/firewalld/firewalld.conf
+-if ! [ $? -eq 0 ]; then
+-    echo "DefaultZone=drop" >> /etc/firewalld/firewalld.conf
+-fi
diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec
index a25ce82..137fa78 100644
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@@ -6,7 +6,7 @@
 
 Name:		scap-security-guide
 Version:	0.1.%{redhatssgversion}
-Release:	5%{?dist}
+Release:	6%{?dist}
 Summary:	Security guidance and baselines in SCAP formats
 
 Group:		System Environment/Base
@@ -20,6 +20,7 @@ Patch4:		scap-security-guide-0.1.33-fix-anaconda-remediation-template-add-remove
 Patch5:		scap-security-guide-0.1.33-fix-anaconda-remediation-template-partition-mountoptions.patch
 Patch6:		scap-security-guide-0.1.33-fix-profile_nist-800-171-cui-malformed-title.patch
 Patch7:		scap-security-guide-0.1.33-fix-anaconda-smart-card-remediation_1461330.patch
+Patch8:		scap-security-guide-0.1.33-drop_set_firewalld_default_zone_remediation.patch
 BuildArch:	noarch
 
 BuildRequires:	libxslt, expat, python, openscap-scanner >= 1.2.5, python-lxml, cmake >= 2.8
@@ -57,6 +58,8 @@ been generated from XCCDF benchmarks present in %{name} package.
 # Fix for rhbz#1449211
 %patch6 -p1 -b .profile_nist_800_171_cui_malformed_title_fix
 %patch7 -p1 -b .anaconda-smart-card-auth
+# Fix for rhbz#1478414, patch adapted from https://github.com/OpenSCAP/scap-security-guide/pull/2328
+%patch8 -p1 -b .drop_set_firewalld_default_zone_remediation
 
 %build
 %cmake -D CMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
@@ -99,6 +102,9 @@ make %{?_smp_mflags}
 %doc guides/ssg-*-guide-*.html
 
 %changelog
+* Tue Sep 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-6
+- Dropped remediation that makes system not accessible by SSH (RHBZ#1478414)
+
 * Wed Jun 14 2017 Watson Sato <wsato@redhat.com> 0.1.33-5
 - Fix Anaconda Smartcard auth remediation (RHBZ#1461330)