From 7fddc6fef5490bcc8a4e10fec28ac2a3e6b8f84c Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 7 Aug 2022 21:29:26 -0500
Subject: [PATCH] pkg/v-m: vmagent: Remove IP address restrictions

Setting `IPAddressAllow` and `IPAddressDeny` instructs systemd to construct BPF firewall rules to restrict traffic. Since `vmagent` is responsible for scraping metrics from hosts on the network, it does not make any sense to restrict it to localhost-only communication.
---
 package/victoriametrics/vmagent.service | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/victoriametrics/vmagent.service b/package/victoriametrics/vmagent.service
index 656f876..d397e32 100644
--- a/package/victoriametrics/vmagent.service
+++ b/package/victoriametrics/vmagent.service
@@ -19,8 +19,6 @@ ReadWritePaths=/var/lib/victoria-metrics
 CapabilityBoundingSet=
 DeviceAllow=
 DevicePolicy=closed
-IPAddressAllow=localhost
-IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
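Review bot: After this hunk the unit has no `IPAddressAllow=`/`IPAddressDeny=` at all, so the systemd-level filter on both inbound and outbound traffic is gone rather than widened. If the scrape targets sit in known ranges (not visible from this patch), keeping `IPAddressDeny=any` and extending the allow-list, e.g. `IPAddressAllow=localhost <SCRAPE_TARGET_CIDR>`, would let scraping work while preserving the network sandbox next to the other hardening directives here. If targets really are arbitrary, a comment in the unit such as `# No IPAddress* filter: vmagent must reach arbitrary scrape targets` would record that the omission is deliberate. The unit file continues outside the hunk, so other network-related directives may exist that I cannot see.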