diff --git a/roles/firewall/files/update b/roles/firewall/files/update
index b08d49f..9f9fe28 100644
--- a/roles/firewall/files/update
+++ b/roles/firewall/files/update
@@ -1,5 +1,7 @@
 #!/bin/sh
+set -e
+
 apply() {
 cp -R /opt/config/etc/nftables.d /etc || return 1
 nft -I /etc/nftables.d -f /etc/nftables.nft || return 2
@@ -11,6 +13,11 @@ cleanup() {
 rm -fr /opt/config
 }
+message() {
+ logger "${@}"
+ echo "${@}"
+}
+
 # clean now and on exit
 cleanup
 trap cleanup EXIT
@@ -20,15 +27,15 @@ tar xz -C /opt/config --warning=no-timestamp
 current="$(cat /opt/version 2>/dev/null || echo -1)"
 next="$(cat /opt/config/version 2>/dev/null || echo -1)"
-echo "Updating config from v${current} to v${next}"
+message "Updating config from v${current} to v${next}"
 if [ "${next:-0}" -ne "${current:-0}" ] ; then
- echo "Applying config v${next}"
+ message "Applying config v${next}"
 if apply ; then
 echo "${next}" > /opt/version
- echo "Applied config v${next}"
+ message "Applied config v${next}"
 else
 error="$?"
- echo "Could not apply config v${next}, error ${error}"
+ message "Could not apply config v${next}, error ${error}"
 exit "${error}"
 fi
 fi
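Review bot: The new `set -e` at the top does not apply inside `apply()`, because the script calls it as `if apply ; then` and errexit is suspended for commands run as an `if` condition. The explicit `|| return 1` / `|| return 2` guards are therefore still the only thing that stops a half-applied ruleset, and a later cleanup could remove them as redundant. I would add a comment above the function, for example `# set -e is ignored while apply runs as an 'if' condition; keep the explicit || return N`. The body of `apply()` continues past the end of this hunk.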
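Review bot: In `message()`, a failing `logger` (no syslog socket, or the binary missing in a minimal image) now aborts the whole firewall update, because the same commit enables `set -e` and `message` is called as a plain command. In the failure branch the script would then exit with logger's status instead of `${error}`, and the `echo` that follows would never print. Syslog should be best-effort here: `logger "${@}" || true`. Adding a tag with `-t` would also make these entries easier to filter when reviewing rule changes.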
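Review bot: `${next}` is now written to syslog by `message "Updating config from v${current} to v${next}"` without any validation, and it is read from `/opt/config/version`, which appears to come from the archive unpacked by the `tar xz -C /opt/config` step named in the hunk header. A non-numeric value could carry extra lines or control characters into the log. It also makes the `-ne` test error out, which the `if` treats as "no change", so the update is skipped with only the "Updating" line recorded. I would check the value before the first `message` call, for example `case "${next}" in ''|*[!0-9]*) message "Invalid config version"; exit 3 ;; esac`, and decide explicitly how the existing `-1` fallback for a missing version file should be treated.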