[Unit]
Description=IPv6 Packet Filtering Framework
After=iptables.service
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
Environment="IP6TABLES_LOCK_WAIT_TIME=60"
Environment="IP6TABLES_LOCK_WAIT_INTERVAL=1000"
Environment="IP6TABLES_SAVE=/var/lib/ip6tables/rules-save"
Environment="SAVE_ON_STOP=yes"
ExecStart=/sbin/ip6tables-restore --wait ${IP6TABLES_LOCK_WAIT_TIME} --wait-interval ${IP6TABLES_LOCK_WAIT_INTERVAL} ${IP6TABLES_SAVE}
ExecReload=/sbin/ip6tables-restore --wait ${IP6TABLES_LOCK_WAIT_TIME} --wait-interval ${IP6TABLES_LOCK_WAIT_INTERVAL} ${IP6TABLES_SAVE}
ExecStop=/bin/sh -c "if [ \"${SAVE_ON_STOP}\" = \"yes\" ] ; then /sbin/ip6tables-save > \"${IP6TABLES_SAVE}\" ; fi"
ExecStop=/bin/sh -c "/sbin/ip6tables-save | /bin/sed -nr \"/^[*C]/p;s/^(:[A-Z]+ )[A-Z].*/\\1ACCEPT [0:0]/p\" | /sbin/ip6tables-restore -w"
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target