diff --git a/README.md b/README.md
index 115eeb4..83eb5af 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,13 @@ ipset restore < /etc/ipset-blacklist/ip-blacklist.restore
 iptables -I INPUT 1 -m set --match-set blacklist src -j DROP
 ```
-Make sure to run this snippet in a firewall script or just insert it to `/etc/rc.local`.
+Make sure to run this snippet in a firewall script, insert it to `/etc/rc.local` (rc.local is discontinued) or use a service file (see below).
+
+If you want to use a **systemd service** during system start-up, install and enable:
+
+1. `wget -O /etc/systemd/system/ipset-blacklist.service https://raw.githubusercontent.com/trick77/ipset-blacklist/master/ipset-blacklist.service`
+2. `systemctl enable ipset-blacklist`
+3. `systemctl start ipset-blacklist`
 ## Cron job
diff --git a/ipset-blacklist.service b/ipset-blacklist.service
new file mode 100644
index 0000000..e84b668
--- /dev/null
+++ b/ipset-blacklist.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Enable IP Blacklist firewall blocking on System Startup
+Before=network-pre.target netfilter-persistent.service
+Wants=network-pre.target
+Documentation=man:ipset man:iptables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/etc/ipset-blacklist
+ExecStartPre=/sbin/ipset restore -f /etc/ipset-blacklist/ip-blacklist.restore
+ExecStart=/sbin/iptables -I INPUT 1 -m set --match-set blacklist src -j DROP
+ExecStop=/sbin/iptables -D INPUT 1 -m set --match-set blacklist src
+ExecStopPost=/sbin/ipset destroy blacklist
+Delegate=yes
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=multi-user.target
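Review bot: The `ExecStop=` line in ipset-blacklist.service deletes INPUT rule number 1 by position rather than the rule ExecStart inserted, so if any other firewall tooling has since placed a rule at the top of INPUT, a stop removes that unrelated rule and leaves the blacklist DROP in the chain; the `ipset destroy blacklist` in ExecStopPost then fails because the set is still referenced, and a later start inserts a second copy of the rule. The match options given after the rule number also omit the `-j DROP` target that ExecStart uses, so they do not describe the inserted rule even as a specification. Deleting by specification is robust against position changes: `ExecStop=/sbin/iptables -D INPUT -m set --match-set blacklist src -j DROP`. `Delegate=yes` on a oneshot unit that only runs iptables and ipset has no evident purpose here and looks like a leftover; consider dropping it. Whether `ipset restore -f` tolerates an already-existing set on a restart depends on the restore file's contents, which this diff does not show, so that is worth confirming.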