diff --git a/files/etc/systemd/system/firewall.service b/files/etc/systemd/system/firewall.service
index 5643184c9339ed9dcd3d0932c439452f9d73e0f0..4d9844bd6f337f87ae87cb7d17c2f74d2006bbc4 100644
--- a/files/etc/systemd/system/firewall.service
+++ b/files/etc/systemd/system/firewall.service
@@ -6,6 +6,7 @@ Before=sysinit.target
 
 [Service]
 Type=oneshot
+EnvironmentFile=-/etc/default/firewall
 ExecStart=/usr/local/bin/firewall start
 ExecReload=/usr/local/bin/firewall reload
 #ExecStop=/etc/iptables/flush-iptables.sh
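Review bot: The new `EnvironmentFile=-/etc/default/firewall` line carries no comment saying which variables the file may set or who may write to it. That matters because the script reads `FW_DIR` from the environment and presumably runs as root, since no `User=` is visible in this hunk. I would add above it `# Optional overrides: FW_DIR, ENABLE_LOG, ENABLE_IPV6, LOG_RATE. Keep root-owned and not group/world-writable.` The leading `-` also means a missing file is skipped without an error, so the unit then runs on the script's built-in defaults. The `[Service]` section continues past the end of this hunk.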
diff --git a/files/usr/local/bin/firewall b/files/usr/local/bin/firewall
index 633a368d41e325ef6d5c2b110ac67dfacd8554f4..05865fa7ed74263f566cb3d670b0bc2a6dfe7c3d 100755
--- a/files/usr/local/bin/firewall
+++ b/files/usr/local/bin/firewall
@@ -7,7 +7,8 @@
 # environment.  Useful in combination with /etc/default or some
 # equivalent mechanism.
 FW_DIR="${FW_DIR:-/etc/firewall}"
-DO_LOG="${DO_LOG:-1}"
+ENABLE_LOG="${ENABLE_LOG:-0}"
+ENABLE_IPV6="${ENABLE_IPV6:-1}"
 LOG_RATE="${LOG_RATE:-5/min}"
 
 TABLES="filter nat mangle"
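Review bot: Replacing `DO_LOG` (default 1) with `ENABLE_LOG` (default 0) turns deny logging off on every host that relied on the old default, and any existing `DO_LOG=` setting is now silently ignored. The `deny: ` log lines are what detection and incident response would look for, so losing them without notice is a visibility regression. To honour existing settings, fall back to the old name: `ENABLE_LOG="${ENABLE_LOG:-${DO_LOG:-0}}"`. If off-by-default is intended, state it in the comment block above these assignments and in the commit message; otherwise keep the default at 1.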
@@ -214,7 +215,7 @@ generate_filter() {
     add_rule -A INPUT -j user-input
 
     # Logging.
-    if [ "${DO_LOG}" -eq 1 ]; then
+    if [ "${ENABLE_LOG}" -eq 1 ]; then
         create_chain log-deny
         add_rule -A log-deny -j LOG --log-prefix 'deny: '
         add_rule -A INPUT -j log-deny -m limit --limit "${LOG_RATE}" --limit-burst 5
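Review bot: `[ "${ENABLE_LOG}" -eq 1 ]` only works for integer values, and the value can now come from `/etc/default/firewall`. A setting such as `yes` or `true` makes the test fail with an error on stderr and the branch is skipped, so logging stays off although the operator asked for it. The same applies to the `ENABLE_IPV6` test added in `load()`, where a non-numeric value would skip loading the IPv6 rules. A string comparison avoids the error path, `if [ "${ENABLE_LOG}" = "1" ]; then`, or validate both flags once after the defaults are assigned and exit on anything other than 0 or 1. The `if` body continues outside this hunk.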
@@ -252,7 +253,9 @@ load() {
         cat ${v6rules}
     else
         /sbin/iptables-restore <${v4rules}
-        /sbin/ip6tables-restore <${v6rules}
+        if [ "${ENABLE_IPV6}" -eq 1 ]; then
+            /sbin/ip6tables-restore <${v6rules}
+        fi
     fi
 }
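Review bot: With `ENABLE_IPV6=0` the new guard skips `ip6tables-restore` entirely, so the kernel's IPv6 tables keep whatever they already held, which right after boot is typically empty chains with an ACCEPT policy. Unless IPv6 is also disabled on the interfaces, the host is then reachable over IPv6 with no filtering, which is the opposite of what the flag name suggests. Either always load the v6 ruleset and let the flag control only what it permits, or document next to the variable that `ENABLE_IPV6=0` requires IPv6 to be disabled in the kernel (for example `net.ipv6.conf.all.disable_ipv6=1`). The other branch still runs `cat ${v6rules}` regardless of the flag, so if that is a preview of what will be loaded, it no longer matches. `load()` starts outside this hunk.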