diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
index 8b9bcf1..df9d472 100644
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -36,6 +36,13 @@ spec:
         enabled: true
     ipam:
       mode: kubernetes
+    policyEnforcementMode: always    # enforce network policies
+    policyAuditMode: true            # do not block traffic
+    hostFirewall:
+      enabled: true                  # enable host policies
+    extraConfig:
+      allow-localhost: policy        # enable policies for localhost
+
     kubeProxyReplacement: true
     securityContext:
       capabilities: