Hi, Joop, In short, conditional test/variable definition is not possible in systemd service file. This file defines the variables: https://build.opensuse.org/package/view_file/security/sshguard/sysconfig.ssh... So let's just start an "one-shot" type of service[1] (other types can't accept multiple inputs, eg: start iptables then start sshguard, they're two inputs), and write something like this into Execstart(remove all the variables and tests): Type=oneshot Execstart=/usr/sbin/iptables -N sshguard ; \ /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j sshguard ; \ /usr/sbin/sshguard -a 4 -p 420 -s 1200 -w "" -l /var/log/messages In execstop you have to do reverse things, like `killall sshguard; remove the iptables entry` blabla... The removal of variables is easy to understand, but removal of tests? That's also simple, eg: You just ignored the if-iptables-and-sshguard-binary-exists test, right? They're the same kind of "-n" test as if-variable-has-value test. [1] oneshot type: as the name tells, systemd will just trigger the commands, if the commands can execute, then systemd take it as a success. It doesn't care the return status, eg: if you "rm -rf /", it'll take a long time before your root partition is cleared. In a forking type (just for explanation, this kinda command will never be forking type), systemd will not take it as a success until your partition is really cleared. But in an oneshot type, if you can execute the command, systemd will take it as a success even if you can't actually clear your / because of permission issues. Greetings Marguerite -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org