diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index c95ab94b3..a4596978d 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -66,7 +66,7 @@ ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
 StateDirectory=unbound
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in
index 998b66dec..e763763f0 100644
--- a/contrib/unbound_portable.service.in
+++ b/contrib/unbound_portable.service.in
@@ -38,7 +38,7 @@ ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
 StateDirectory=unbound
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
 RestrictRealtime=true
 SystemCallArchitectures=native
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources