[Service]
ExecStartPre=nft add table inet filter
ExecStartPre=nft add chain inet filter input { type filter hook input priority 0; policy accept; }