[Service]

# Files from which to initialize the ip*tables rules.
# Personally, I like to keep all rules in one directory
#Environment="IPTABLES_INIT=/var/lib/iptables/init-IPv4.rules"
#Environment="IP6TABLES_INIT=/var/lib/iptables/init-IPv6.rules"
# But these are the OpenRC defaults:
Environment="IPTABLES_INIT=/var/lib/iptables/rules-save"
Environment="IP6TABLES_INIT=/var/lib/ip6tables/rules-save"

# At system shutdown (or systemctl start iptables-save), current rules are
# saved to the above files per default.
# This "Save as" functionality is very usefull for development or hardened
# production servers; it allows to inspect the saved rules before applying
# them for the next start/reload.
# If you prefer never to save the rules at all, simply specify /dev/null here.
#Environment="IPTABLES_SAVE_AS=/var/lib/iptables/inspect-IPv4.rules"
#Environment="IP6TABLES_SAVE_AS=/var/lib/iptables/inspect-IPv6.rules"

# Save & restore the counters [yes|no]?
Environment="COUNTERS=yes"