[Unit]
Description=Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
Environment="IPTABLES_SAVE=/var/lib/iptables/rules-save"
Environment="SAVE_ON_STOP=yes"
ExecStart=/sbin/iptables-restore ${IPTABLES_SAVE}
ExecReload=/sbin/iptables-restore ${IPTABLES_SAVE}
ExecStop=/bin/sh -c "if [ \"${SAVE_ON_STOP}\" = \"yes\" ] ; then /sbin/iptables-save > \"${IPTABLES_SAVE}\" ; fi"
ExecStop=/bin/sh -c "/sbin/iptables-save | /bin/sed -nr \"/^[*C]/p;s/^(:[A-Z]+ )[A-Z].*/\\1ACCEPT [0:0]/p\" | /sbin/iptables-restore"
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target