diff --git a/contrib/iperf3.service b/contrib/iperf3.service
index e9cf47aa8..6806745c3 100644
--- a/contrib/iperf3.service
+++ b/contrib/iperf3.service
@@ -5,6 +5,22 @@ Requires=network.target
 [Service]
 ExecStart=/usr/bin/iperf3 -s
 Restart=on-failure
+DynamicUser=yes
+
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=read-only
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
 
 [Install]
 WantedBy=multi-user.target
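Review bot: `ProtectHome=read-only` in the new [Service] block still leaves /home, /root and /run/user readable by a network-facing daemon, and is no tighter than what `DynamicUser=yes` already implies. Since ExecStart is only `iperf3 -s`, `ProtectHome=yes` would hide those directories entirely. The set also restricts neither capabilities nor syscall ABI. Assuming the server keeps to its default unprivileged port, `CapabilityBoundingSet=` (empty) and `SystemCallArchitectures=native` look like safe additions, to be confirmed with a test run. A short comment above `ProtectSystem=strict` would also help, noting that the filesystem is read-only for the service, so adding `--logfile` or `--pidfile` to ExecStart needs a writable path such as `LogsDirectory=` or `RuntimeDirectory=`.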