
SocketBindAllow setting

This systemd unit setting has been available since systemd 249.

Purpose: define for which address families, transport protocols, and/or ports the processes of a unit may bind() a socket

Why and when to use SocketBindAllow

The setting SocketBindAllow is used together with SocketBindDeny and defines restrictions on the usage of the system call bind on a network socket.

Settings

Both SocketBindAllow and SocketBindDeny use a bind-rule. See SocketBindDeny for the details.

Generic advice

This setting is useful in combination with SocketBindDeny to create an allow-list.

Examples

Allow binding on TCP port 80

[Service]
SocketBindDeny=any
SocketBindAllow=tcp:80

Allow binding on port 443 (IPv4/IPv6, TCP/UDP)

[Service]
SocketBindDeny=any
SocketBindAllow=443
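
To check what a combination of these two settings permits before deploying a unit, the following added example (not part of the original article) evaluates bind attempts against the rules in a unit file. The rule grammar and the evaluation order (an allow match wins, then a deny match blocks, otherwise the bind is permitted) follow systemd.resource-control(5); the function names and the sample unit are constructed for illustration.

```python
# Rule grammar and evaluation order as documented in systemd.resource-control(5).
# Function names and SAMPLE_UNIT are constructed for this example.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/example-daemon
SocketBindDeny=any
SocketBindAllow=tcp:80
SocketBindAllow=ipv6:udp:5000-5010
"""

def parse_rule(text):
    """Parse [family:][protocol:][port|low-high] or 'any' into a tuple."""
    family = proto = None
    low, high = 0, 65535                      # no port given: every port
    parts = [] if text == "any" else text.split(":")
    if parts and parts[0] in ("ipv4", "ipv6"):
        family = parts.pop(0)
    if parts and parts[0] in ("tcp", "udp"):
        proto = parts.pop(0)
    if parts:
        first, _, last = parts.pop(0).partition("-")
        low, high = int(first), int(last or first)
    if parts or not low <= high <= 65535:
        raise ValueError(f"invalid bind-rule: {text!r}")
    return family, proto, low, high

def load_rules(unit_text):
    """Collect both rule lists from unit file text, one rule per assignment."""
    rules = {"SocketBindAllow": [], "SocketBindDeny": []}
    for line in unit_text.splitlines():
        key, _, value = (part.strip() for part in line.partition("="))
        if key in rules:
            # An empty assignment resets the list, as with other list settings.
            rules[key] = rules[key] + [parse_rule(value)] if value else []
    return rules

def matches(rule, family, proto, port):
    r_family, r_proto, low, high = rule
    return r_family in (None, family) and r_proto in (None, proto) and low <= port <= high

def bind_allowed(rules, family, proto, port):
    """Allow rules win; otherwise a deny match blocks; otherwise bind() succeeds."""
    if any(matches(r, family, proto, port) for r in rules["SocketBindAllow"]):
        return True
    return not any(matches(r, family, proto, port) for r in rules["SocketBindDeny"])

if __name__ == "__main__":
    rules = load_rules(SAMPLE_UNIT)
    for probe in [("ipv4", "tcp", 80), ("ipv4", "udp", 80), ("ipv6", "udp", 5005), ("ipv4", "tcp", 8080)]:
        print(probe, "allowed" if bind_allowed(rules, *probe) else "denied")
```

Running the same check on a unit that has only SocketBindAllow=tcp:80 reports every port as allowed, which is why the allow rule is paired with SocketBindDeny=any.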


This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
