Restrict address families that can be used

author Ruben Kerkhof <ruben@rubenkerkhof.com>

Wed, 4 Feb 2015 10:16:33 +0000 (11:16 +0100)

committer Ruben Kerkhof <ruben@rubenkerkhof.com>

Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)
author Ruben Kerkhof <ruben@rubenkerkhof.com>
Wed, 4 Feb 2015 10:16:33 +0000 (11:16 +0100)
committer Ruben Kerkhof <ruben@rubenkerkhof.com>
Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)
diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service

index 152763e196efa3770b028f17d99fa251220611ec..1259ebcdd9a1e90537e49ba9b91aa14b5a164cd9 100644 (file)
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -13,6 +13,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
  NoNewPrivileges=true
  ProtectSystem=full
  ProtectHome=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  
  [Install]
  WantedBy=multi-user.target
author	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Wed, 4 Feb 2015 10:16:33 +0000 (11:16 +0100)
committer	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)