# {{ ansible_managed }}
# Based on the default Debian 12 `/lib/systemd/system/nftables.service`
[Unit]
Description=nftables SCE port mapping rules
Wants=network-pre.target
Before=network-pre.target shutdown.target
Conflicts=shutdown.target
After=nftables.service
DefaultDependencies=no

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=null
ProtectSystem=full
ProtectHome=true
ExecStart=/usr/sbin/nft -f /etc/{{ firewall_nft_table_filename }}.conf
ExecReload=/usr/sbin/nft -f /etc/{{ firewall_nft_table_filename }}.conf
ExecStop=/usr/sbin/nft delete table inet {{ firewall_nft_table_name }}

[Install]
WantedBy=sysinit.target