diff --git a/debian/ngcp-rtpengine-daemon.init b/debian/ngcp-rtpengine-daemon.init
index 0df02baac..ff1bf28ed 100755
--- a/debian/ngcp-rtpengine-daemon.init
+++ b/debian/ngcp-rtpengine-daemon.init
@@ -15,7 +15,6 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
 NAME=ngcp-rtpengine-daemon
 DESC="RTP/media proxy"
 TABLE=0
-MANAGE_IPTABLES=yes
 
 DAEMON=$(which rtpengine)
 DEFAULTS=/etc/default/${NAME}
@@ -37,7 +36,6 @@ fi
 
 OPTIONS=""
 START_OPTIONS=""
-MODPROBE_OPTIONS=""
 
 if [ ! -z "$INTERFACES" ]; then
 	for interface in $INTERFACES; do
@@ -125,30 +123,16 @@ fi
 
 if ! test -z "$SET_USER"; then
 	START_OPTIONS="$START_OPTIONS --chuid $SET_USER"
-	PUID=$(id -u "$SET_USER" 2> /dev/null)
-	test -z "$PUID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$PUID"
-	if test -z "$SET_GROUP"; then
-		PGID=$(id -g "$SET_USER" 2> /dev/null)
-		test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
-	fi
 	test "$DO_DIR_CHOWN" = 1 && chown "$SET_USER": "$PIDDIR"
 fi
 
 if ! test -z "$SET_GROUP"; then
 	START_OPTIONS="$START_OPTIONS --group $SET_GROUP"
-	PGID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
-	test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
 	test "$DO_DIR_CHOWN" = 1 && chgrp "$SET_GROUP" "$PIDDIR"
 fi
 
 ###
 
-if [ -x /usr/sbin/ngcp-virt-identify ]; then
-	if /usr/sbin/ngcp-virt-identify --type container; then
-		VIRT="yes"
-	fi
-fi
-
 case "$1" in
   start)
 	set +e
@@ -165,23 +149,7 @@ case "$1" in
 	      ;;
 	  esac
 	fi
-	if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
-		if [ "$MANAGE_IPTABLES" = "yes" ]; then
-			# shellcheck disable=SC2086
-			modprobe xt_RTPENGINE $MODPROBE_OPTIONS
-
-			iptables -N rtpengine 2> /dev/null
-			iptables -D INPUT -j rtpengine 2> /dev/null
-			iptables -I INPUT -j rtpengine
-			iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
-			ip6tables -N rtpengine 2> /dev/null
-			ip6tables -D INPUT -j rtpengine 2> /dev/null
-			ip6tables -I INPUT -j rtpengine
-			ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
-		fi
-	fi
+	ngcp-rtpengine-iptables-setup start
 	set -e
 	log_daemon_msg "Starting $DESC" "$NAME"
 	# shellcheck disable=SC2086
@@ -197,17 +165,7 @@ case "$1" in
 		return $?
 	fi
 	set +e
-	if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
-		sleep 1
-		if [ -e /proc/rtpengine/control ]; then
-			echo "del $TABLE" > /proc/rtpengine/control 2>/dev/null
-		fi
-		if [ "$MANAGE_IPTABLES" = "yes" ]; then
-			iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			rmmod xt_RTPENGINE 2>/dev/null
-		fi
-	fi
+	ngcp-rtpengine-iptables-setup stop
 	set -e
 	rm -f $PIDFILE
 	log_end_msg $?
diff --git a/debian/ngcp-rtpengine-daemon.install b/debian/ngcp-rtpengine-daemon.install
index cdd5be3e2..6d133cf0f 100644
--- a/debian/ngcp-rtpengine-daemon.install
+++ b/debian/ngcp-rtpengine-daemon.install
@@ -1,2 +1,3 @@
 daemon/rtpengine /usr/sbin/
+debian/ngcp-rtpengine-iptables-setup /usr/sbin
 etc/rtpengine.sample.conf /etc/rtpengine/
diff --git a/debian/ngcp-rtpengine-daemon.service b/debian/ngcp-rtpengine-daemon.service
index 2d0cdb8cc..f937f65ec 100644
--- a/debian/ngcp-rtpengine-daemon.service
+++ b/debian/ngcp-rtpengine-daemon.service
@@ -5,16 +5,12 @@ After=remote-fs.target
 Requires=network-online.target
 
 [Service]
-Type=forking
-Restart=no
-TimeoutSec=5min
-IgnoreSIGPIPE=no
-KillMode=process
-RemainAfterExit=yes
-SuccessExitStatus=5 6
-PIDFile=/run/ngcp-rtpengine-daemon.pid
-ExecStart=/etc/init.d/ngcp-rtpengine-daemon start
-ExecStop=/etc/init.d/ngcp-rtpengine-daemon stop
+Type=simple
+EnvironmentFile=/etc/default/ngcp-rtpengine-daemon
+PIDFile=/var/run/ngcp-rtpengine-daemon.pid
+ExecStartPre=/usr/sbin/ngcp-rtpengine-iptables-setup start
+ExecStart=/usr/sbin/rtpengine -f -E --pidfile /var/run/ngcp-rtpengine-daemon.pid --config-file /etc/rtpengine/rtpengine.conf --table $TABLE
+ExecStopPost=/usr/sbin/ngcp-rtpengine-iptables-setup stop
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/ngcp-rtpengine-iptables-setup b/debian/ngcp-rtpengine-iptables-setup
new file mode 100755
index 000000000..7764b2c13
--- /dev/null
+++ b/debian/ngcp-rtpengine-iptables-setup
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+TABLE=0
+MODNAME=xt_RTPENGINE
+MANAGE_IPTABLES=yes
+
+DEFAULTS=/etc/default/ngcp-rtpengine-daemon
+
+# Load startup options if available
+if [ -f "$DEFAULTS" ]; then
+  . "$DEFAULTS" || true
+fi
+
+MODPROBE_OPTIONS=""
+
+# Handle requested setuid/setgid.
+if ! test -z "$SET_USER"; then
+  PUID=$(id -u "$SET_USER" 2> /dev/null)
+  test -z "$PUID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$PUID"
+  if test -z "$SET_GROUP"; then
+    PGID=$(id -g "$SET_USER" 2> /dev/null)
+    test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
+  fi
+fi
+
+if ! test -z "$SET_GROUP"; then
+  PGID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
+  test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
+fi
+
+###
+
+if [ -x /usr/sbin/ngcp-virt-identify ]; then
+  if /usr/sbin/ngcp-virt-identify --type container; then
+    VIRT="yes"
+  fi
+fi
+
+firewall_setup()
+{
+  if [ "$TABLE" -lt 0 ] || [ "$VIRT" = "yes" ]; then
+    return
+  fi
+
+  if [ "$MANAGE_IPTABLES" != "yes" ]; then
+    return
+  fi
+
+  # shellcheck disable=SC2086
+  modprobe $MODNAME $MODPROBE_OPTIONS
+
+  iptables -N rtpengine 2>/dev/null
+  iptables -D INPUT -j rtpengine 2>/dev/null
+  iptables -I INPUT -j rtpengine
+  iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+  ip6tables -N rtpengine 2>/dev/null
+  ip6tables -D INPUT -j rtpengine 2>/dev/null
+  ip6tables -I INPUT -j rtpengine
+  ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+}
+
+firewall_teardown()
+{
+  if [ "$TABLE" -lt 0 ] || [ "$VIRT" = "yes" ]; then
+    return
+  fi
+
+  # XXX: Wait a bit to make sure the daemon has been stopped.
+  sleep 1
+
+  if [ -e /proc/rtpengine/control ]; then
+    echo "del $TABLE" >/proc/rtpengine/control 2>/dev/null
+  fi
+
+  if [ "$MANAGE_IPTABLES" != "yes" ]; then
+    return
+  fi
+
+  iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  rmmod $MODNAME 2>/dev/null
+}
+
+case "$1" in
+  start)
+    firewall_setup
+    ;;
+  stop)
+    firewall_teardown
+    ;;
+  *)
+    echo "Usage: $0 {start|stop}" >&2
+    exit 1
+    ;;
+esac
+
+exit 0
diff --git a/debian/ngcp-rtpengine-recording-daemon.init b/debian/ngcp-rtpengine-recording-daemon.init
index 40f1f17ae..4664efdd2 100755
--- a/debian/ngcp-rtpengine-recording-daemon.init
+++ b/debian/ngcp-rtpengine-recording-daemon.init
@@ -32,7 +32,6 @@ if [ "$RUN_RTPENGINE_RECORDING" != "yes" ]; then
 	exit 0
 fi
 [ -z "$PIDFILE" ] && PIDFILE="/var/run/rtpengine-recording.pid"
-[ -z "$NFS_OPTIONS" ] && NFS_OPTIONS="hard,tcp,intr"
 
 OPTIONS=""
 START_OPTIONS=""
@@ -83,15 +82,9 @@ case "$1" in
 	fi
 	set -e
 
-	log_daemon_msg "Starting $DESC" "$NAME"
+	ngcp-rtpengine-recording-nfs-setup start
 
-	if [ "$MUST_NFS" = yes ]; then
-		if ! grep -E -q "^[^ :]+:[^ :]+ $NFS_LOCAL_MOUNT nfs.? " /proc/mounts; then
-			log_progress_msg "Mounting NFS share"
-			test -d "$NFS_LOCAL_MOUNT" || mkdir -p "$NFS_LOCAL_MOUNT"
-			mount -t nfs -o "$NFS_OPTIONS" "$NFS_HOST:$NFS_REMOTE_PATH" "$NFS_LOCAL_MOUNT"
-		fi
-	fi
+	log_daemon_msg "Starting $DESC" "$NAME"
 
 	# shellcheck disable=SC2086
 	start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
diff --git a/debian/ngcp-rtpengine-recording-daemon.install b/debian/ngcp-rtpengine-recording-daemon.install
index 336fa5a6f..ddf5b8d1e 100644
--- a/debian/ngcp-rtpengine-recording-daemon.install
+++ b/debian/ngcp-rtpengine-recording-daemon.install
@@ -1,2 +1,3 @@
 etc/rtpengine-recording.sample.conf /etc/rtpengine/
 recording-daemon/rtpengine-recording /usr/sbin/
+debian/ngcp-rtpengine-recording-nfs-setup /usr/sbin/
diff --git a/debian/ngcp-rtpengine-recording-daemon.service b/debian/ngcp-rtpengine-recording-daemon.service
index 967989db2..85f3d33f0 100644
--- a/debian/ngcp-rtpengine-recording-daemon.service
+++ b/debian/ngcp-rtpengine-recording-daemon.service
@@ -5,16 +5,10 @@ After=remote-fs.target
 Requires=network-online.target
 
 [Service]
-Type=forking
-Restart=no
-TimeoutSec=5min
-IgnoreSIGPIPE=no
-KillMode=process
-RemainAfterExit=yes
-SuccessExitStatus=5 6
+Type=simple
 PIDFile=/run/ngcp-rtpengine-recording-daemon.pid
-ExecStart=/etc/init.d/ngcp-rtpengine-recording-daemon start
-ExecStop=/etc/init.d/ngcp-rtpengine-recording-daemon stop
+ExecStartPre=/usr/sbin/ngcp-rtpengine-recording-nfs-setup start
+ExecStart=/usr/sbin/rtpengine-recording -f -E --pidfile /run/ngcp-rtpengine-recording-daemon.pid --config-file /etc/rtpengine/rtpengine-recording.conf
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/ngcp-rtpengine-recording-nfs-setup b/debian/ngcp-rtpengine-recording-nfs-setup
new file mode 100755
index 000000000..4b70ef0de
--- /dev/null
+++ b/debian/ngcp-rtpengine-recording-nfs-setup
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DEFAULTS=/etc/default/ngcp-rtpengine-recording-daemon
+
+. /lib/lsb/init-functions
+
+# Load startup options if available
+if [ -f "$DEFAULTS" ]; then
+  . "$DEFAULTS" || true
+fi
+
+[ -z "$NFS_OPTIONS" ] && NFS_OPTIONS="hard,tcp,intr"
+
+###
+
+case "$1" in
+  start)
+    if [ "$MUST_NFS" = yes ]; then
+      if ! grep -E -q "^[^ :]+:[^ :]+ $NFS_LOCAL_MOUNT nfs.? " /proc/mounts; then
+        log_action_msg "Mounting NFS share"
+        test -d "$NFS_LOCAL_MOUNT" || mkdir -p "$NFS_LOCAL_MOUNT"
+        mount -t nfs -o "$NFS_OPTIONS" "$NFS_HOST:$NFS_REMOTE_PATH" "$NFS_LOCAL_MOUNT"
+      fi
+    fi
+    ;;
+  stop)
+    ;;
+  *)
+    echo "Usage: $0 {start|stop}" >&2
+    exit 1
+    ;;
+esac
+
+exit 0