diff --git a/conntrack-tools.changes b/conntrack-tools.changes
index 94a79e6..2fc6fdc 100644
--- a/conntrack-tools.changes
+++ b/conntrack-tools.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Aug 30 08:34:07 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s). Modified:
+ * conntrackd.service
+
 -------------------------------------------------------------------
 Wed Apr 1 18:55:00 UTC 2020 - Jan Engelhardt
 
diff --git a/conntrack-tools.spec b/conntrack-tools.spec
index 6f319b4..72e968e 100644
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package conntrack-tools
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/conntrackd.service b/conntrackd.service
index 64cfea4..4c00987 100644
--- a/conntrackd.service
+++ b/conntrackd.service
@@ -15,6 +15,16 @@ ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 ProtectSystem=full
 ProtectHome=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 WatchdogSec=60
 
 [Install]
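Review bot: `RestrictRealtime=true` in the block added to conntrackd.service blocks realtime scheduling, so a conntrackd.conf that enables the `Scheduler` option (Type FIFO or RR) would presumably no longer get it. Upstream's sample configuration suggests that option to reduce Netlink buffer overruns. The config file is not part of this diff, so confirm whether the packaged default or known deployments set it. If they do, drop the line or state the override beside it, for example `# conntrackd.conf "Scheduler" (FIFO/RR) requires a drop-in with RestrictRealtime=false`. The [Service] section starts above the hunk, but as far as the visible lines show, the directives were applied generically and no service-specific `CapabilityBoundingSet=` is set; that would be the natural follow-up once the needed capabilities are confirmed.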