diff --git a/firezone-gateway-scc.yaml b/firezone-gateway-scc.yaml
new file mode 100644
index 0000000..aacc143
--- /dev/null
+++ b/firezone-gateway-scc.yaml
@@ -0,0 +1,36 @@
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: firezone-gateway-scc
+allowPrivilegedContainer: false
+allowedCapabilities:
+ - NET_ADMIN
+allowHostDirVolumePlugin: false
+allowHostNetwork: false
+allowHostPorts: false
+allowHostPID: false
+allowHostIPC: false
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: MustRunAs
+fsGroup:
+ type: MustRunAs
+supplementalGroups:
+ type: MustRunAs
+volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - persistentVolumeClaim
+ - projected
+ - secret
+allowedUnsafeSysctls:
+ - net.ipv4.ip_forward
+ - net.ipv4.conf.all.src_valid_mark
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.all.forwarding
+ - net.ipv6.conf.default.forwarding
\ No newline at end of file
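Review bot: `runAsUser: type: RunAsAny` lets the gateway pod run as UID 0 while the same SCC also grants `NET_ADMIN`, which amounts to a root process with network-stack control even though `allowPrivilegedContainer` is false; if the gateway image runs as a fixed non-root user, tighten this to `runAsUser:\n  type: MustRunAsNonRoot` (or `MustRunAsRange`), and if root is genuinely required, say so in a comment above the field. The `allowedUnsafeSysctls` list only permits a pod to *request* those sysctls — the kubelet on each node the gateway can schedule to must also allow them (`allowedUnsafeSysctls` in the KubeletConfig), otherwise the pod is rejected at admission, so a comment such as `# requires the same sysctls to be enabled in the node KubeletConfig` would save the next operator a debugging session. The SCC carries no `users:`/`groups:`, which is the right shape, but the grant should then be a Role with `verbs: [use]` on `securitycontextconstraints` with `resourceNames: [firezone-gateway-scc]`, bound only to the gateway's service account rather than a broad group. Minor: add a trailing newline and a leading `---` to satisfy yamllint.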