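# Runs /usr/local/sbin/fw-apply once at boot to load the nftables firewall.
# Stopping the unit runs /usr/local/sbin/fw-stop.

[Unit]
Description=Apply nftables firewall (parameterized)
Documentation=man:nft(8)
After=local-fs.target
# network-pre.target is a passive target, so Before= alone only takes effect
# when some other unit happens to pull the target in. Wants= makes it part of
# the boot transaction, so the ruleset is loaded before network management
# services that order themselves after network-pre.target.
Wants=network-pre.target
Before=network-pre.target
# NOTE(review): this is ordering, not a hard dependency. If fw-apply exits
# non-zero the unit ends up failed, but the network is still brought up.
# Monitor or alert on this unit's failed state.

[Service]
# oneshot with RemainAfterExit=yes: the unit stays "active" after fw-apply
# exits, so ExecStop= only runs on an explicit stop or at shutdown.
Type=oneshot
ExecStart=/usr/local/sbin/fw-apply
# NOTE(review): what fw-stop leaves loaded is not visible here. Confirm that
# stopping the unit does not leave the host unfiltered while interfaces are
# still up.
ExecStop=/usr/local/sbin/fw-stop
RemainAfterExit=yes
# The scripts get a private /tmp and /var/tmp.
PrivateTmp=yes

[Install]
WantedBy=multi-user.target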