[Unit]
Description=iptables
Before=network.target

[Service]
Environment=CONFIG=/etc/iptables.rules
ExecStart=/bin/sh -c 'iptables -F; iptables-restore -c < ${CONFIG}'
ExecStop=/bin/sh -c 'iptables-save -c > ${CONFIG}; iptables -F'
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=basic.target