From fc01b6b5cdab8b8aee6f30298b72e79a8579c49c Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Thu, 13 Mar 2025 20:17:29 +0100 Subject: [PATCH] dnsdist: Allow `AF_NETLINK` and `AF_XDP` under `systemd` We need them for, respectively: - IP to MAC address translation - `XSK` packet processing --- pdns/dnsdistdist/dnsdist.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in index bd810fd912..e0a9b3bbb3 100644 --- a/pdns/dnsdistdist/dnsdist.service.in +++ b/pdns/dnsdistdist/dnsdist.service.in @@ -44,7 +44,7 @@ ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=full -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX AF_XDP RestrictNamespaces=true RestrictRealtime=true RestrictSUIDSGID=true -- 2.47.2