From 631d0ef4cc047fe9ce71d2d11e7f9cd5a1756974 Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Wed, 4 Feb 2015 11:16:33 +0100
Subject: [PATCH] Restrict address families that can be used

To AF_UNIX AF_INET and AF_INET6.
---
 contrib/systemd-pdns-recursor.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index 152763e19..1259ebcdd 100644
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -13,6 +13,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
 ProtectSystem=full
 ProtectHome=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 
 [Install]
 WantedBy=multi-user.target
-- 
2.40.0