diff --git a/etc/sysctl.d/harden_bpf.conf b/etc/sysctl.d/harden_bpf.conf
new file mode 100644
index 0000000..a039bfd
--- /dev/null
+++ b/etc/sysctl.d/harden_bpf.conf
@@ -0,0 +1,3 @@
+# Hardens the BPF JIT compiler and restricts it to root.
+kernel.unprivileged_bpf_disabled=1
+net.core.bpf_jit_harden=2
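Review bot: The comment on the first added line describes the two settings inaccurately. `kernel.unprivileged_bpf_disabled=1` restricts the bpf() syscall itself to privileged callers (CAP_SYS_ADMIN, or CAP_BPF on newer kernels) rather than restricting the JIT to root, and `net.core.bpf_jit_harden=2` applies JIT hardening to all users, privileged ones included. I would put one comment above each key, for example `# Restrict bpf() to privileged callers; 1 cannot be cleared again without a reboot.` and `# Harden the BPF JIT for all users (2), not only unprivileged ones (1).`. The one-way behaviour of value 1 is worth stating because an operator cannot relax it on a running system. On kernels that support it, value 2 gives the same restriction while leaving it adjustable by an administrator.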