diff --git a/dhcpd.service b/dhcpd.service
index 1ed184e..e832b02 100644
--- a/dhcpd.service
+++ b/dhcpd.service
@@ -13,6 +13,7 @@ ExecStart=/usr/sbin/dhcpd -pf /run/dhcpd/dhcpd.pid -cf $CONFIGFILE -lf $LEASEFIL
 PIDFile=/run/dhcpd/dhcpd.pid
 User=isc-dhcpd
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN
 ProtectSystem=full
 ProtectHome=true
 KillSignal=SIGINT