diff --git a/src/iwd.service.in b/src/iwd.service.in
index 9b0158b5..d7a30931 100644
--- a/src/iwd.service.in
+++ b/src/iwd.service.in
@@ -9,6 +9,7 @@ BusName=net.connman.iwd
 ExecStart=@libexecdir@/iwd
 LimitNPROC=1
 Restart=on-failure
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 PrivateTmp=true
 NoNewPrivileges=true
 DevicePolicy=closed
diff --git a/wired/ead.service.in b/wired/ead.service.in
index 95397dcf..fe71aa94 100644
--- a/wired/ead.service.in
+++ b/wired/ead.service.in
@@ -9,6 +9,7 @@ BusName=net.connman.ead
 ExecStart=@libexecdir@/ead
 LimitNPROC=1
 Restart=on-failure
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 PrivateTmp=true
 NoNewPrivileges=true
 PrivateDevices=true