commit 597d3e0d2643c96cbb1c8282066f0b0bc8534b5c
Author: Luca Boccassi <bluca@debian.org>
Date:   Sun Oct 8 19:34:41 2023 +0100

    unit: drop IPAddressDeny=any
    
    It is not useful, as only AF_UNIX sockets are permitted anyway, and
    a network namespace it is used. It requires loading a BPF program
    which might not work everywhere.

diff --git a/data/polkit.service.in b/data/polkit.service.in
index 4b44a80..539a25d 100644
--- a/data/polkit.service.in
+++ b/data/polkit.service.in
@@ -11,7 +11,6 @@ DevicePolicy=strict
 ExecStart=@libprivdir@/polkitd --no-debug
 User=@polkitd_user@
 Group=@polkitd_user@
-IPAddressDeny=any
 LimitMEMLOCK=0
 LockPersonality=yes
 MemoryDenyWriteExecute=yes