Hi, this approach doesn't make much sense, for a few reasons. First, having systemd execute each line as a separate command is not very efficient: systemd is doing other things at the same time, and will interleave other jobs with the commands, log lots of things, etc.
Second, embedding such conditionals in the unit file is always going to be very awkward for editing and updating. Third, most important probably, is that you really want iptables' rules to be loaded atomically. Using iptables-restore gives you such atomicity and is much better. IMHO, you should use this approach, ie. somehow construct the set of rules and load it all at once. Zbyszek _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
