diff --git a/configure_priv.sh b/configure_priv.sh
index 39be410..e0618d9 100755
--- a/configure_priv.sh
+++ b/configure_priv.sh
@@ -324,13 +324,33 @@ configure_fail2ban() {
 }

 configure_iptables() {
- [ -f /etc/network/if-pre-up.d/iptables-load ] && return
 [ $offline -eq 1 ] && return
+ if command_exists ifquery && systemctl is-active --quiet networking; then
+ # ifupdown: /etc/network/if-pre-up.d/iptables-load
+ [ -f /etc/network/if-pre-up.d/iptables-load ] && return
+ if confirm_action "要配置 iptables 吗?" "N"; then
+ sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
+ sudo chmod +x /etc/network/if-pre-up.d/iptables-load
+ sudo sh /etc/network/if-pre-up.d/iptables-load
+ fi
+ else
+ # systemd: /etc/network/iptables-load
+ [ -f /etc/network/iptables-load ] && return
+ if confirm_action "要配置 iptables 吗?" "N"; then
+ if [ -f /etc/network/if-pre-up.d/iptables-load ]; then
+ sudo mv /etc/network/if-pre-up.d/iptables-load /etc/network/iptables-load
+ else
+ sudo cp $scriptdir/files/iptables-load /etc/network/iptables-load
+ sudo chmod +x /etc/network/iptables-load
+ sudo sh /etc/network/iptables-load
+ fi

- if confirm_action "要配置 iptables 吗?" "N"; then
- sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
- sudo chmod +x /etc/network/if-pre-up.d/iptables-load
- sudo sh /etc/network/if-pre-up.d/iptables-load
+ sudo cp $scriptdir/files/iptables-load.service /etc/systemd/system/iptables-load.service
+ sudo chmod +x /etc/systemd/system/iptables-load.service
+ sudo systemctl daemon-reload
+ sudo systemctl start iptables-load.service
+ sudo systemctl enable iptables-load.service
+ fi
 fi
 }

diff --git a/files/iptables-load.service b/files/iptables-load.service
new file mode 100644
index 0000000..327dad6
--- /dev/null
+++ b/files/iptables-load.service
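Review bot: In the systemd branch of configure_iptables (configure_priv.sh), the guard `[ -f /etc/network/iptables-load ] && return` tests only the rules script, so a run that placed the script but failed or was interrupted before `sudo systemctl enable iptables-load.service` is never offered the unit again, and the host boots without its rules loaded. None of the `sudo` steps check their exit status, so that state is reachable. Consider requiring the unit as well, `[ -f /etc/network/iptables-load ] && systemctl is-enabled --quiet iptables-load.service && return`, and then skipping the template copy when the script already exists so edited rules are not overwritten. Separately, `sudo chmod +x /etc/systemd/system/iptables-load.service` should be `sudo chmod 644 ...` because systemd warns about executable unit files, and `$scriptdir` should be quoted in the `cp` lines.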
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load iptables rules during network pre-up
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/network/iptables-load
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network-pre.target
diff --git a/files/zsh/51-alias.zsh b/files/zsh/51-alias.zsh
index 033ae21..3fd4e21 100644
--- a/files/zsh/51-alias.zsh
+++ b/files/zsh/51-alias.zsh
@@ -14,7 +14,10 @@ command_exists() { command -v "$@" >/dev/null 2>&1; }

 if command_exists iptables; then
 alias ipl='sudo iptables -L -n'
- if [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
+ if [ -f "/etc/network/iptables-load" ]; then
+ alias ipe='sudo vi /etc/network/iptables-load'
+ alias ips='sudo /etc/network/iptables-load'
+ elif [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
 alias ipe='sudo vi /etc/network/if-pre-up.d/iptables-load'
 alias ips='sudo /etc/network/if-pre-up.d/iptables-load'
 fi
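Review bot: `WantedBy=network-pre.target` in files/iptables-load.service can leave the unit unstarted at boot, because systemd documents network-pre.target as a passive target that network managers order themselves after but do not pull in. Enabling the unit under it therefore only takes effect when some other unit already wants that target, and otherwise the rules are silently not loaded. The `Wants=`/`Before=` lines in [Unit] already give the right ordering, so the install target should be one that is always part of boot, e.g. `WantedBy=multi-user.target`, with a short comment above [Install] saying why. `ExecStart=/etc/network/iptables-load` also relies on the script having its exec bit and a `#!` line, whereas configure_priv.sh runs it through `sh`; if that is not guaranteed, `ExecStart=/bin/sh /etc/network/iptables-load` removes the dependency.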