UDM-Boot-2x_1.0.1 - "Restart-On-Failure"
SSJPKXL opened this issue
The latest UDM Boot service DEB package can be found here - https://unifi.boostchicken.io/udm-boot-2x_1.0.1_all.deb and it has an issue with not detecting failures correctly. For example, if you create a custom script to add your own IPTables rules, your rules are going to be re-applied on top of each other at least several times after reboot.
To mitigate the issue, you need to remove the following lines from "\lib\systemd\system\udm-boot.service" after you install the service (DEB package):
Restart=on-failure
RestartSec=5s
Previous UDM Boot service versions didn't include those lines.
I didn't see udm-boot.service in "/lib/systemd/system"; it was in "/etc/system/systemd" and symlinks to "/etc/system/systemd/multi-user.target.wants/".
When UDM-Boot-2x_1.0.1 DEB package is extracted in Windows, it results in 2 directories, one of which is some user documentation and the other is "\lib\systemd\system\udm-boot.service". That's the one I edited to remove the 2 lines I mentioned. I think others are just symlinks, but not sure...
On a related note, it's a nice practice to ensure your scripts are idempotent, i.e. do not change the state when it's already correct. With iptables, you can check for the existence of a rule by substituting -A for -C:
myrule="PREROUTING -s 10.1.0.0/24 [...]"
iptables -t nat -C ${myrule} || iptables -t nat -A ${myrule}
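
As an added example (not code from this thread or from the udm-boot project): the -C / -A check from the comment above wrapped in a function, so that a whole boot script can be re-run, as happens under Restart=on-failure, without stacking duplicate rules. The rule specs, the IPTABLES override variable and the --apply argument are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent rule loading for a boot script that may be re-run.
# IPTABLES is an assumed override hook so the logic can be dry-run with a stub.
IPTABLES="${IPTABLES:-iptables}"

# ensure_rule TABLE CHAIN RULE-SPEC...
# Runs `iptables -C` first and appends with -A only when the rule is absent.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if "$IPTABLES" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0    # rule already present: leave the chain untouched
    fi
    # Absent (or -C could not match it): append, and let a failure propagate.
    "$IPTABLES" -t "$table" -A "$chain" "$@"
}

# apply_rules: constructed sample rules on documentation address ranges.
apply_rules() {
    ensure_rule nat PREROUTING -s 192.0.2.0/24 -p udp --dport 53 \
        -j REDIRECT --to-ports 5353 &&
    ensure_rule filter FORWARD -s 192.0.2.0/24 -d 198.51.100.0/24 -j DROP
}

# Hypothetical entry point: `sh this-script --apply` applies the rules.
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```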