From 19d0db3a001c474e668c9d0d8f9a0e29cc817393 Mon Sep 17 00:00:00 2001
From: nxshock
Date: Thu, 28 Dec 2023 20:01:36 +0500
Subject: [PATCH] More systemd hardening

---
 gonx.service | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gonx.service b/gonx.service
index 545e22d..7fbb58d 100644
--- a/gonx.service
+++ b/gonx.service
@@ -40,6 +40,8 @@ UMask=0027
 ProtectProc=noaccess
 ProcSubset=pid
 SystemCallFilter=~@clock @swap @reboot @raw-io @privileged @obsolete @mount @module @debug @cpu-emulation
+RestrictAddressFamilies=~AF_UNIX AF_PACKET AF_NETLINK
+UMask=0066
 
 [Install]
 WantedBy=multi-user.target
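Review bot: The added `RestrictAddressFamilies=~AF_UNIX AF_PACKET AF_NETLINK` is a deny-list, so every address family it does not name stays available to the service. If the daemon only needs IP sockets, the allow-list form `RestrictAddressFamilies=AF_INET AF_INET6` is tighter and needs no maintenance as new families appear. The added `UMask=0066` also appears to duplicate an existing `UMask=0027`, which the hunk header shows as the line just above this hunk. systemd normally applies the last assignment, so the effective value changes while the stale line remains; edit the existing line instead of appending a second one. Note too that 0066 leaves the execute bit set for group and other, so directories the service creates would be mode 0711; if owner-only access is intended, `UMask=0077` says so directly.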