On 07.07.2018 at 14:35, Michael Biebl wrote:
> Tbh, I find it a bit confusing that we have three mechanisms now
> (PrivateNetwork, RestrictAddressFamilies, IPAddressDeny) and when one
> is supposed to use which one of these.

why

* PrivateNetwork -> big hammer
  service needs no network stuff at all

* RestrictAddressFamilies -> finer hammer
  service must only talk local

* IPAddressDeny/IPAddressAllow
  better way than iptables because it's for the whole
  process-group independent of users/groups and specific
  binaries

  can be combined with RestrictAddressFamilies
  RestrictAddressFamilies=AF_INET AF_INET6
  IPAddressAllow=192.168.196.0/24
_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
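
The three cases from the reply above, written out as unit settings. This is an added example, not part of the original message or of systemd's own documentation; the unit names and ExecStart paths are hypothetical placeholders. The last unit adds IPAddressDeny=any, because allow entries only override deny entries and an allow list on its own blocks nothing.

```ini
# Added example: three hypothetical units, one per mechanism.
# Each block below is the [Service] section of a separate unit file.

# --- offline-job.service: needs no network at all ---
[Service]
ExecStart=/usr/local/bin/offline-job
# Runs in its own network namespace that contains only a loopback device.
PrivateNetwork=yes

# --- local-ipc.service: must only talk over local sockets ---
[Service]
ExecStart=/usr/local/bin/local-ipc
# socket(2) calls for any other address family fail.
# Sockets handed in via socket activation are not affected by this setting.
RestrictAddressFamilies=AF_UNIX

# --- lan-client.service: IP traffic limited to one subnet ---
[Service]
ExecStart=/usr/local/bin/lan-client
# Same families as in the message; AF_UNIX is left out as there, add it
# if the service opens local sockets itself.
RestrictAddressFamilies=AF_INET AF_INET6
# Evaluation order: a packet matching IPAddressAllow= is accepted, otherwise
# one matching IPAddressDeny= is dropped, otherwise it is accepted.
# Deny everything first so the allow entry becomes an actual allow list.
IPAddressDeny=any
IPAddressAllow=192.168.196.0/24
# Optional: keep loopback reachable (127.0.0.0/8 and ::1/128).
IPAddressAllow=localhost
```

The IP filters apply to every process in the unit's cgroup, in both directions, which is the "whole process-group" property the reply refers to.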
