diff --git a/templates/netpol-restrict-auditlog-access.yaml b/templates/netpol-restrict-auditlog-access.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a5dca9cd6d34aae20a9b27e48671f6e145a26aa8
--- /dev/null
+++ b/templates/netpol-restrict-auditlog-access.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: restrict-auditlog-webhook-access
+  namespace: kube-system
+spec:
+  description: "Restricts egress traffic to audit log webhook to falco only"
+  endpointSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/name
+        operator: NotIn
+        values: ["falcosidekick", "falco"]
+  egressDeny:
+    - toCIDR:
+        - 10.254.0.11/32
+  # policyTypes:
+  #   - Egress
+  # podSelector:
+  #   matchLabels:
+  #     app.kubernetes.io/instance: cern-magnum
+  #     app.kubernetes.io/name: falcosidekick
+  # egress:
+  #   - to:
+  #       - ipBlock:
+  #           cidr: 10.254.0.11/32
+  #     ports:
+  #       - protocol: TCP
+  #         port: 9765
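Review bot: The `egressDeny` rule only covers endpoints in `kube-system`, and its exemption is a plain label match, so a pod in any other namespace — or one in `kube-system` that sets `app.kubernetes.io/name: falco` on itself — can still reach 10.254.0.11; if the intent is a cluster-wide restriction, a `CiliumClusterwideNetworkPolicy` would be needed, and the `description` should state that the exemption trusts whoever can label pods in this namespace. Also, if 10.254.0.11 is a Service ClusterIP rather than a pod or node address (the 10.254.0.0/16 range is commonly a service CIDR), the `toCIDR` deny may not match at all, because Cilium generally evaluates policy against the backend address after service translation — verify with a test egress from a non-falco pod before relying on it. Since this lives under `templates/`, the hardcoded address would normally come from chart values, e.g. `- "{{ .Values.auditlogWebhookIP }}/32"` (the value name here is a placeholder). The commented-out Kubernetes `NetworkPolicy` at the end is dead configuration; either delete it or replace it with a one-line comment such as `# Cilium deny policy used instead of a k8s NetworkPolicy allow-list so the restriction holds for all other workloads`.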