{{ ansible_managed | comment }} [Unit] Description=firewall Wants=network-pre.target Before=network-pre.target shutdown.target Conflicts=shutdown.target DefaultDependencies=no [Service] Type=oneshot RemainAfterExit=yes StandardInput=null ProtectSystem=full ProtectHome=true ExecStart=/usr/local/sbin/firewall /etc/firewall/rules.yml ExecReload=/usr/local/sbin/firewall /etc/firewall/rules.yml ExecStop=/usr/sbin/nft flush ruleset