Hello just to add a piece of information
Since version 1.0.13 netfilter-persistent (aka iptables-persistent) provides 2 dummy services, iptables.service and ip6tables.service Both of them are managed as alternatives so other firewall managers can provide them; fail2ban could `Require` and `After` to this virtual services instead of list them all in the override. On the other hand, you could list them all in the service file, systemd will ignore the inexistant services. thanks for fail2ban :) -- IRC: gfa GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5 OLD GPG: 0x44BB1BA79F6C6333