Systemd can also be a firewall
This is something I didn’t know about, but apparently, systemd can act as a firewall for services configured with IPAddressDeny or IPAddressAllow settings. It’s important to keep this in mind when debugging strange networking issues where it’s not obvious what might be dropping packets: https://rachelbythebay.com/w/2024/07/17/bpf/
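For the debugging case above, a small shell helper that lists every unit file and drop-in setting IPAddressAllow= or IPAddressDeny=, so a service with its own packet filter can be spotted quickly. This is an added example, not code from the original post; the function names scan_ip_filters and effective_ip_filters and the --scan argument are made up for illustration.

```shell
#!/bin/sh
# Added example: locate systemd units that carry their own IP filter.
# Function names and the --scan argument are hypothetical, chosen for this sketch.

# scan_ip_filters DIR...
# Prints one tab-separated line per directive: unit, key, value, file.
# Drop-ins (foo.service.d/*.conf) are attributed to the unit they modify.
# Symlinked units (e.g. in *.wants/) are skipped so nothing is listed twice.
scan_ip_filters() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name '*.service' -o -name '*.socket' \
            -o -name '*.slice' -o -name '*.conf' \) -print
    done | sort | while IFS= read -r file; do
        unit=$(basename "$file")
        parent=$(basename "$(dirname "$file")")
        case "$parent/$unit" in
            *.d/*.conf) unit=${parent%.d} ;;
        esac
        awk -v unit="$unit" -v file="$file" '
            /^[ \t]*IPAddress(Allow|Deny)[ \t]*=/ {
                line = $0
                sub(/^[ \t]+/, "", line)
                key = line; sub(/[ \t]*=.*/, "", key)
                val = line; sub(/^[^=]*=[ \t]*/, "", val)
                printf "%s\t%s\t%s\t%s\n", unit, key, val, file
            }' "$file"
    done
}

# effective_ip_filters UNIT
# Asks the running manager what is actually applied to a loaded unit.
# Per systemd.resource-control(5): a packet matching IPAddressAllow= passes,
# otherwise one matching IPAddressDeny= is dropped, otherwise it passes.
effective_ip_filters() {
    systemctl show "$1" -p IPAddressAllow -p IPAddressDeny
}

# Run as: sh this-script --scan
if [ "${1:-}" = "--scan" ]; then
    scan_ip_filters /etc/systemd/system /run/systemd/system /usr/lib/systemd/system
fi
```

The scan only reads files on disk; filters set at runtime (for example with systemctl set-property --runtime) land under /run/systemd, and effective_ip_filters shows what the manager has loaded for a given unit.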
The funny thing is that this reminds me a lot of BPFirewall, a minimalist Linux kernel firewall based on BPF, which I wrote for my BPF 101 - Getting Linux superpowers presentation a few months ago.