[Service]
RemainAfterExit=yes

ExecStart=
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStart=/usr/local/sbin/apply-sysctl

ExecReload=
ExecReload=/usr/sbin/nft -f /etc/nftables.conf
ExecReload=/usr/local/sbin/apply-sysctl

% if node.os != 'debian' or node.os_version[0] > 10:
Restart=on-failure
RestartSec=2
% endif