diff --git a/horizon/templates/opennms-core.statefulset.yaml b/horizon/templates/opennms-core.statefulset.yaml
index 44da031..59eb717 100644
--- a/horizon/templates/opennms-core.statefulset.yaml
+++ b/horizon/templates/opennms-core.statefulset.yaml
@@ -43,11 +43,14 @@ spec:
 seccompProfile:
 type: RuntimeDefault
 {{- if eq (include "onOpenShift" .) "true" }}
- {{- if has "CAP_NET_RAW" ((.Values.dependencies.securitycontext).allowedCapabilities) }}
 capabilities:
+ {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
 add:
 - CAP_NET_RAW
- {{- end }}
+ {{- else }}
+ drop:
+ - ALL
+ {{- end }}
 {{- end }}
 {{- end }}
 terminationGracePeriodSeconds: {{ .Values.core.terminationGracePeriodSeconds | default 120 }}
@@ -98,10 +101,13 @@ spec:
 seccompProfile:
 type: RuntimeDefault
 {{- if eq (include "onOpenShift" .) "true" }}
- {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
 capabilities:
+ {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
 add:
 - CAP_NET_RAW
+ {{- else }}
+ drop:
+ - ALL
 {{- end }}
 {{- end }}
 {{- end }}
@@ -139,10 +145,13 @@ spec:
 seccompProfile:
 type: RuntimeDefault
 {{- if eq (include "onOpenShift" .) "true" }}
- {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
 capabilities:
+ {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
 add:
 - CAP_NET_RAW
+ {{- else }}
+ drop:
+ - ALL
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/horizon/templates/opennms-sentinel.statefulset.yaml b/horizon/templates/opennms-sentinel.statefulset.yaml
index 4762d2b..1c236a6 100644
--- a/horizon/templates/opennms-sentinel.statefulset.yaml
+++ b/horizon/templates/opennms-sentinel.statefulset.yaml
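Review bot: In all three core hunks (@@ -43, @@ -98 and @@ -139) `drop: - ALL` is emitted only in the `{{- else }}` branch, so whenever CAP_NET_RAW is present in `allowedCapabilities` the container keeps the runtime's entire default capability set plus CAP_NET_RAW rather than a minimal one. A securityContext may both drop ALL and add a named capability, so the drop can sit unconditionally under `capabilities:` with only the `add:` gated on the `has` check; the same shape applies to the sentinel and minion hunks in this commit. Because the whole block is still inside the onOpenShift guard, non-OpenShift clusters receive no capability drop at all; if the hardening is meant to be general, the drop belongs outside that guard, which I have not assumed below. Whether `has` on an unset `allowedCapabilities` yields false rather than a render error depends on the Sprig version bundled with the Helm in use; presumably it is false, but a `helm template` run with `dependencies.securitycontext` unset would confirm.
```yaml
          {{- if eq (include "onOpenShift" .) "true" }}
          capabilities:
            drop:
              - ALL
          {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
            add:
              - CAP_NET_RAW
          {{- end }}
          {{- end }}
```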
@@ -38,9 +38,16 @@ spec:
 runAsNonRoot: true
 seccompProfile:
 type: RuntimeDefault
+ {{- if eq (include "onOpenShift" .) "true" }}
 capabilities:
+ {{- if has "CAP_NET_RAW" (.Values.dependencies.securitycontext).allowedCapabilities }}
 add:
- - NET_RAW
+ - CAP_NET_RAW
+ {{- else }}
+ drop:
+ - ALL
+ {{- end }}
+ {{- end }}
 {{- end }}
 terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds | default 60 }}
 {{- if .Values.imagePullSecrets }}
diff --git a/minion/templates/minion-deployment.yaml b/minion/templates/minion-deployment.yaml
index 5f7f91a..408c0af 100644
--- a/minion/templates/minion-deployment.yaml
+++ b/minion/templates/minion-deployment.yaml
@@ -32,6 +32,9 @@ spec:
 capabilities:
 add:
 - CAP_NET_RAW
+ {{- else }}
+ drop:
+ - ALL
 {{- end }}
 {{- end }}
 {{- end }}
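Review bot: Wrapping sentinel's capabilities block in the new onOpenShift guard is a behaviour change for non-OpenShift clusters: the removed lines added NET_RAW there unconditionally, and the new template renders no capabilities block at all outside OpenShift, so sentinel silently loses raw-socket access if it depends on it, while on OpenShift it now follows the same conditional shape as the core template where `drop: - ALL` applies only when CAP_NET_RAW is absent. If dropping the add outside OpenShift is intended, a template comment above the guard would record that decision, e.g. `{{- /* Capabilities are only managed on OpenShift; elsewhere the runtime default set applies. */ -}}`. The trailing context `{{- end }}` closes a block that starts outside the hunk.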