« Back to Settings for systemd units

SocketBindAllow setting

This systemd unit setting was added since systemd 249.

Purpose: define which address families, transport protocols, and/or ports are allowed to bind() to a socket

Why and when to use SocketBindAllow

The setting SocketBindAllow is used together with SocketBindDeny and defines restrictions on the usage of the system call bind on a network socket.


Both SocketBindAllow and SocketBindDeny use a bind-rule. See SocketBindDeny for the details.

Generic advice

This setting is useful in combination with SocketBindDeny to create an allow-list.


Allow binding on TCP port 80


Allow binding on port 443 (IPv4/IPv6, TCP/UDP)



Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon