From ab4e6375e0fea8a9779f578c8de68b8323915b71 Mon Sep 17 00:00:00 2001
From: surtur <a_mirre@utb.cz>
Date: Wed, 20 Apr 2022 16:54:52 +0200
Subject: [PATCH] set RestrictAddressFamilies to unix,ipv4,ipv6

---
 etc/systemd/system/drone.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/systemd/system/drone.service b/etc/systemd/system/drone.service
index e8e9b75..51ca8e3 100644
--- a/etc/systemd/system/drone.service
+++ b/etc/systemd/system/drone.service
@@ -37,6 +37,7 @@ ProtectKernelLogs=true
 ProtectControlGroups=true
 LockPersonality=true
 MemoryDenyWriteExecute=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictRealtime=true
 RestrictSUIDSGID=true
 SystemCallArchitectures=native