[Unit]
Description=iptables
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
ExecStart=iptables-restore -c /etc/default.rules
ExecStop=iptables-save -c -f /etc/default.rules ; iptables-restore /etc/empty.rules
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target