diff --git a/kustomization.yaml b/kustomization.yaml
index 8bd9582..d0df928 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -5,7 +5,6 @@ namespace: irc
 resources:
 - namespace.yaml
- - waypoint.yaml
 # Uncomment if storing configuration in the repo
 # - configmap.yaml
 - ./thelounge
diff --git a/namespace.yaml b/namespace.yaml
index 98975b1..8deb5a1 100644
--- a/namespace.yaml
+++ b/namespace.yaml
@@ -4,4 +4,3 @@ metadata:
 name: irc
 labels:
 istio.io/dataplane-mode: ambient
- istio.io/use-waypoint: waypoint
diff --git a/thelounge/httproute.yaml b/thelounge/httproute.yaml
index 9e9973d..71e044a 100644
--- a/thelounge/httproute.yaml
+++ b/thelounge/httproute.yaml
@@ -5,7 +5,7 @@ metadata:
 namespace: irc
 spec:
 parentRefs:
- - name: istio-external
+ - name: external
 namespace: gateway-system
 hostnames:
 - ${THELOUNGE_HOSTNAME}
diff --git a/thelounge/service.yaml b/thelounge/service.yaml
index 1487b2e..3f0b9dc 100644
--- a/thelounge/service.yaml
+++ b/thelounge/service.yaml
@@ -6,7 +6,6 @@ metadata:
 name: thelounge
 labels:
 app.kubernetes.io/name: thelounge
- istio.io/use-waypoint: waypoint
 spec:
 type: ClusterIP
 ports:
diff --git a/waypoint.yaml b/waypoint.yaml
deleted file mode 100644
index 949a97f..0000000
--- a/waypoint.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: waypoint
- namespace: irc
- labels:
- istio.io/waypoint-for: namespace
-spec:
- gatewayClassName: istio-waypoint
- listeners:
- - name: mesh
- port: 15008
- protocol: HBONE
diff --git a/znc/ciliumnetworkpolicy.yaml b/znc/ciliumnetworkpolicy.yaml
new file mode 100644
index 0000000..cf3227f
--- /dev/null
+++ b/znc/ciliumnetworkpolicy.yaml
@@ -0,0 +1,27 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: znc-egress
+ namespace: irc
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: znc
+ egress:
+ - toEndpoints:
+ - matchLabels:
+ k8s:io.kubernetes.pod.namespace: kube-system
+ k8s:k8s-app: kube-dns
+ toPorts:
+ - ports:
+ - port: "53"
+ protocol: ANY
+ rules:
+ dns:
+ - matchPattern: "*"
+ - toFQDNs:
+ - matchName: "irc.passthepopcorn.me"
+ toPorts:
+ - ports:
+ - port: "6697"
+ protocol: TCP
diff --git a/znc/kustomization.yaml b/znc/kustomization.yaml
index aea7c93..a2f4802 100644
--- a/znc/kustomization.yaml
+++ b/znc/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
 - statefulset.yaml
 - service.yaml
 - authorizationpolicy.yaml
+ - ciliumnetworkpolicy.yaml
diff --git a/znc/service.yaml b/znc/service.yaml
index 6586c5b..b850dcd 100644
--- a/znc/service.yaml
+++ b/znc/service.yaml
@@ -6,7 +6,6 @@ metadata:
 name: znc
 labels:
 app.kubernetes.io/name: znc
- istio.io/use-waypoint: waypoint
 annotations:
 external-dns.alpha.kubernetes.io/hostname: ${ZNC_HOSTNAME}
 spec:
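Review bot: The DNS rule `- matchPattern: "*"` under the kube-dns `toPorts` entry in `znc/ciliumnetworkpolicy.yaml` lets the znc pod look up any name, although the only external destination the policy permits is `irc.passthepopcorn.me` on 6697/TCP. That leaves DNS via kube-dns as an outbound path the policy does not filter. Narrowing the rule to `- matchName: "irc.passthepopcorn.me"`, plus any cluster-internal names znc actually needs to resolve, would keep lookups in line with the egress allow-list. The policy has no ingress section, so inbound traffic to znc is presumably left to other policy; a one-line comment at the top of the file stating that the policy is egress-only would make the intent explicit.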
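Review bot: `authorizationpolicy.yaml` stays in the `znc/kustomization.yaml` resource list while this same commit deletes `waypoint.yaml` and every `istio.io/use-waypoint` label, so where that policy is enforced changes. The policy file is not part of the diff; if it contains HTTP-level rules or a `targetRefs` binding to the removed waypoint Gateway, it will presumably no longer apply as written, since without a waypoint only ztunnel's L4 checks remain in ambient mode. It is worth confirming the policy is L4-only and recording that next to the entry, e.g. `# L4-only: enforced by ztunnel, no waypoint in this namespace`.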