From a34e5441a92d4f0526c9eeb3468aa296f874206e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?=
 <jeremy.gardais@univ-rennes1.fr>
Date: Fri, 30 Jul 2021 11:15:34 +0200
Subject: [PATCH] Start nftables systemd unit earlier
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Source: nftables 0.9.8-3.1 from Debian Bullseye
Thanks to @kravietz − PR #19
---
 CHANGELOG.md                                     | 1 +
 templates/lib/systemd/system/nftables.service.j2 | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9acf63a..942a4ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@
 
 ### Fixed
 * Ansible-lint: Fix line longer than 160 chars.
+* Start nftables systemd unit earlier (thanks to @kravietz − PR #19).
 
 ## v1.7.0
 
diff --git a/templates/lib/systemd/system/nftables.service.j2 b/templates/lib/systemd/system/nftables.service.j2
index 5487cea..433da76 100644
--- a/templates/lib/systemd/system/nftables.service.j2
+++ b/templates/lib/systemd/system/nftables.service.j2
@@ -2,7 +2,10 @@
 [Unit]
 Description={{ nft_service_name }}
 Documentation=man:nft(8) http://wiki.nftables.org
-;Before=fail2ban.service
+Wants=network-pre.target
+Before=network-pre.target shutdown.target
+Conflicts=shutdown.target
+DefaultDependencies=no
 
 [Service]
 Type=oneshot
@@ -17,4 +20,4 @@ ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }}
 ExecStop={{ nft__bin_location }} flush ruleset
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=sysinit.target