diff --git a/qubes-network-server.spec b/qubes-network-server.spec
index f0c2642..6bd1205 100644
--- a/qubes-network-server.spec
+++ b/qubes-network-server.spec
@@ -3,7 +3,7 @@
 %define mybuildnumber %{?build_number}%{?!build_number:1}
 
 Name:           qubes-network-server
-Version:        0.0.8
+Version:        0.0.9
 Release:        %{mybuildnumber}%{?dist}
 Summary:        Turn your Qubes OS into a network server
 BuildArch:      noarch
diff --git a/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py b/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py
index df56f40..c92c3d5 100644
--- a/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py
+++ b/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py
@@ -430,7 +430,7 @@ class QubesVm(OriginalQubesVm):
             %s
             EOF
             chmod +x "$tmp"
-            "$tmp" deploy
+            "$tmp" deploy 2>&1
             """
         ) % open(appvm_firewall_path).read()
 
diff --git a/src/usr/lib64/python2.7/site-packages/qubes/modules/qubes-appvm-firewall b/src/usr/lib64/python2.7/site-packages/qubes/modules/qubes-appvm-firewall
index c2d9363..60dd01f 100755
--- a/src/usr/lib64/python2.7/site-packages/qubes/modules/qubes-appvm-firewall
+++ b/src/usr/lib64/python2.7/site-packages/qubes/modules/qubes-appvm-firewall
@@ -7,8 +7,9 @@ import shutil
 import subprocess
 import sys
 
-UNITPATH = "/usr/lib/systemd/system/qubes-appvm-firewall.service"
-DEPPATH = "/run/fortress/qubes-appvm-firewall"
+NAME = "qubes-appvm-firewall"
+UNITDIRS = ["/usr/lib/systemd/system", "/lib/systemd/system"]
+DEPDIR = "/run/fortress"
 KEY = '/qubes-fortress-iptables-rules'
 CHAIN = 'FORTRESS-INPUT'
 
@@ -161,10 +162,11 @@ class Table(object):
         return t
 
 def deploy():
-    if not os.path.isdir(os.path.dirname(DEPPATH)):
-        os.makedirs(os.path.dirname(DEPPATH))
-    shutil.copyfile(__file__, DEPPATH)
-    os.chmod(DEPPATH, 0755)
+    deppath = os.path.join(DEPDIR, NAME)
+    if not os.path.isdir(DEPDIR):
+        os.makedirs(DEPDIR)
+    shutil.copyfile(__file__, deppath)
+    os.chmod(deppath, 0755)
     service = '''[Unit]
 Description=Qubes AppVM firewall updater
 After=qubes-iptables.service qubes-firewall.service
@@ -173,11 +175,14 @@ Before=qubes-network.service network.target
 [Service]
 Type=simple
 ExecStart=%s main
-''' % DEPPATH
-    if not os.path.isfile(UNITPATH) or open(UNITPATH, "rb").read() != service:
-        open(UNITPATH, "wb").write(service)
+''' % deppath
+    for unitdir in UNITDIRS:
+        if os.path.isdir(unitdir): break
+    unitpath = os.path.join(unitdir, NAME + ".service")
+    if not os.path.isfile(unitpath) or open(unitpath, "rb").read() != service:
+        open(unitpath, "wb").write(service)
         subprocess.check_call(['systemctl', '--system', 'daemon-reload'])
-    subprocess.check_call(['systemctl', 'restart', os.path.basename(UNITPATH)])
+    subprocess.check_call(['systemctl', 'restart', os.path.basename(unitpath)])
 
 
 def main():