Add IP address hardening to Newsboat service

author: Tom Ryder <tom@sanctum.geek.nz> 2020-06-24 01:14:31 +1200
committer: Tom Ryder <tom@sanctum.geek.nz> 2020-06-24 01:14:31 +1200
commit: 1477340317c44eeb98bdf8a659a1ec544c8421e8 (patch)
tree: 971ea347ef1f7ad5bd112311bfdbe397026e26e5
parent: Add hardening to Newsboat (diff)
download: dotfiles-1477340317c44eeb98bdf8a659a1ec544c8421e8.tar.gz
dotfiles-1477340317c44eeb98bdf8a659a1ec544c8421e8.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/newsboat/systemd/user/reload-newsboat.service b/newsboat/systemd/user/reload-newsboat.service
index 24cda424..b280c9e1 100644
--- a/newsboat/systemd/user/reload-newsboat.service
+++ b/newsboat/systemd/user/reload-newsboat.service
@@ -9,6 +9,8 @@ LogsDirectory=newsboat
 LogsDirectoryMode=0700
 ExecStart=newsboat --execute=reload --log-file=%L/newsboat/%p.log --log-level=6
 # Hardening
+IPAddressDeny=any
+IPAddressAllow=localhost
 KeyringMode=private
 LockPersonality=true
 MemoryDenyWriteExecute=true
author	Tom Ryder <tom@sanctum.geek.nz>	2020-06-24 01:14:31 +1200
committer	Tom Ryder <tom@sanctum.geek.nz>	2020-06-24 01:14:31 +1200
commit	1477340317c44eeb98bdf8a659a1ec544c8421e8 (patch)
tree	971ea347ef1f7ad5bd112311bfdbe397026e26e5
parent	Add hardening to Newsboat (diff)
download	dotfiles-1477340317c44eeb98bdf8a659a1ec544c8421e8.tar.gz dotfiles-1477340317c44eeb98bdf8a659a1ec544c8421e8.zip