diff --git a/kustomization.yaml b/kustomization.yaml
index f592714..b39072c 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -3,6 +3,5 @@ kind: Kustomization
 resources:
 # Uncomment if storing configuration in the repo
 # - configmap.yaml
- - networkpolicy.yaml
 - ./thelounge
 - ./znc
diff --git a/thelounge/networkpolicy.yaml b/thelounge/networkpolicy.yaml
new file mode 100644
index 0000000..246f2ba
--- /dev/null
+++ b/thelounge/networkpolicy.yaml
@@ -0,0 +1,38 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: thelounge
+ namespace: irc
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: thelounge
+ policyTypes:
+ - Ingress
+ - Egress
+
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: irc
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: istio-system
+
+ egress:
+ # namespace-local
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: irc
+
+ # public internet only
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
\ No newline at end of file
diff --git a/networkpolicy.yaml b/znc/networkpolicy.yaml
similarity index 100%
rename from networkpolicy.yaml
rename to znc/networkpolicy.yaml
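Review bot: The `except` list under the `# public internet only` egress rule in thelounge/networkpolicy.yaml covers only the three RFC 1918 ranges, so link-local 169.254.0.0/16, where cloud instance metadata services commonly live, stays reachable from the thelounge pod; adding `- 169.254.0.0/16` (and `- 100.64.0.0/10` if the cluster or its provider uses carrier-grade NAT space) would make the comment true. With `Egress` in `policyTypes` and no rule for the cluster DNS pods, name resolution will presumably be dropped if they run outside the `irc` namespace on private addresses, so an explicit UDP/TCP 53 rule to them is worth considering. The second ingress rule admits every pod in `istio-system` on every port; narrowing it with a `podSelector` for the gateway and a `ports` entry would keep it to the intended path. None of the hunks shown add `networkpolicy.yaml` to the `resources` of `./thelounge` or `./znc`, so confirm those kustomizations list it, otherwise neither policy is applied once the top-level entry is removed.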