stale[bot]
commented
4 years ago This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
As far as I can tell the init script does not specify when to start relative to the network, and the systemd unit specifies to start after network. Seems to me that it should start before network so as to avoid the (admittedly nominally tiny) time between network up and iptables rules being restored. This seems to be the approach taken by iptables-persistent and ufw in any case.