[Unit]
Description=Connection tracking userspace daemon
Documentation=man:conntrackd(8) man:conntrackd.conf(5)
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/etc/sysconfig/conntrackd
# daemon will not start if lock file is left dangling
ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE
ExecStart=/usr/sbin/conntrackd $CONNTRACKD_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
ProtectSystem=full
ProtectHome=true
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions 
WatchdogSec=60

[Install]
WantedBy=multi-user.target