[Unit]
Description=Update bogon list.

[Service]
# Option reference: systemd.exec(5) and systemd.service(5).
# Runs the updater once per activation.
Type=oneshot
ExecStart=/usr/local/bin/updateBogons

# --- Identity ---
# DynamicUser=yes implies RemoveIPC, PrivateTmp, NoNewPrivileges and
# RestrictSUIDSGID (none of these can be turned off). It also implies
# ProtectSystem=strict and ProtectHome=read-only.
# If a static user or group with the configured name already exists, systemd
# uses it instead of allocating a dynamic one.
DynamicUser=yes
User=updateBogons
Group=nftables

# --- Filesystem access ---
# Stricter than the ProtectHome=read-only implied by DynamicUser: home
# directories are made inaccessible rather than read-only.
ProtectHome=yes
# Re-opens this one path for writing inside the read-only file system view set
# up by ProtectSystem=strict. The path has no "-" prefix, so the unit fails to
# start if the directory does not exist.
# NOTE(review): systemd does not create or chown a ReadWritePaths= directory;
# with a dynamically allocated UID, write access presumably comes from the
# nftables group - confirm the directory's owner and mode. CacheDirectory= is
# the option systemd provides for managing a cache directory's ownership
# together with DynamicUser=.
ReadWritePaths=/var/cache/updateBogons/

# NOTE(review): other sandboxing options (capabilities, system call filter,
# address families, kernel and device protections) are not set in the part of
# the unit shown here; `systemd-analyze security <unit name>` reports which
# ones are still open.