diff --git a/init.d/ipt b/init.d/ipt
deleted file mode 100755
index 25a7772..0000000
--- a/init.d/ipt
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env watchman
-
-service_type='oneshot'
-service_command='/usr/local/sbin/ipt'
-service_args="$cfg_hostname"
-
-stop() { "$service_command" clean; }
diff --git a/init.d/iptables b/init.d/iptables
new file mode 100755
index 0000000..cba426d
--- /dev/null
+++ b/init.d/iptables
@@ -0,0 +1,28 @@
+#!/usr/bin/env watchman
+
+service_type='oneshot'
+
+cfg_ip4dump='/etc/iptables/ip4.rules'
+cfg_ip6dump='/etc/iptables/ip6.rules'
+
+start() {
+ watchman.msg "Restoring netfilter rules..."
+ [[ -f "$cfg_ip4dump" ]] && { /usr/bin/iptables-restore < "$cfg_ip4dump"; }
+ [[ -f "$cfg_ip6dump" ]] && { /usr/bin/ip6tables-restore < "$cfg_ip6dump"; }
+}
+
+stop() {
+ watchman.msg "Flushing netfilter rules..."
+
+ iptables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | iptables-restore
+ ip6tables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | ip6tables-restore
+
+ iptables -X
+ ip6tables -X
+}
+
+save() {
+ watchman.msg "Saving netfilter rules..."
+ /usr/bin/iptables-save > "$cfg_ip4dump";
+ /usr/bin/ip6tables-save > "$cfg_ip6dump";
+}
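Review bot: In start() of the new init.d/iptables, a missing rules file makes the function return 1 while a failed iptables-restore is masked whenever the ip6 line after it succeeds — each `[[ -f … ]] && { …; }` line's status is the failed test's status when the file is absent, and only the last line's status becomes start()'s return value. The practical effect is that a host with only ip4.rules reports a failed start, while a host whose IPv4 restore failed but whose IPv6 restore succeeded reports success and keeps running with the default ACCEPT policies on the IPv4 side; presumably watchman uses the return status to judge the oneshot, so this should be confirmed. The rewrite below turns the guards into `if` statements that log when a dump is absent, so the unfiltered state is at least visible, and accumulates the restore status. The same file mixes absolute `/usr/bin/` paths in start()/save() with bare `iptables-save`/`sed`/`iptables` in stop(), and save()'s `>` truncates the dump before iptables-save runs, so a failing save leaves an empty rules file for the next boot; writing to a temp file in the same directory and renaming would keep the last good dump.
```shell
start() {
  watchman.msg "Restoring netfilter rules..."
  local rc=0
  if [[ -f "$cfg_ip4dump" ]]; then
    /usr/bin/iptables-restore < "$cfg_ip4dump" || rc=$?
  else
    watchman.msg "No IPv4 rules at $cfg_ip4dump; IPv4 traffic is unfiltered"
  fi
  if [[ -f "$cfg_ip6dump" ]]; then
    /usr/bin/ip6tables-restore < "$cfg_ip6dump" || rc=$?
  else
    watchman.msg "No IPv6 rules at $cfg_ip6dump; IPv6 traffic is unfiltered"
  fi
  return "$rc"
}
# … unchanged: stop(), save() …
```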