diff --git a/package/network/services/mdns/Makefile b/package/network/services/mdns/Makefile
index 690f54770af8fc6958b211dceac61effc34f2db6..a7314002065769ec562c1e556f1f48c45a88b403 100644
--- a/package/network/services/mdns/Makefile
+++ b/package/network/services/mdns/Makefile
@@ -20,6 +20,7 @@ PKG_SOURCE_VERSION:=a5560f88bb2cddeef0ef11a12e7822b9c19a75a5
 PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>
 PKG_LICENSE:=LGPL-2.1
 
+include $(INCLUDE_DIR)/package-seccomp.mk
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 
@@ -37,6 +38,7 @@ define Package/mdns/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mdns $(1)/usr/sbin/
 	$(INSTALL_BIN) ./files/mdns.init $(1)/etc/init.d/mdns
 	$(INSTALL_CONF) ./files/mdns.config $(1)/etc/config/mdns
+	$(call InstallSeccomp,$(1),./files/mdns.json)
 endef
 
 $(eval $(call BuildPackage,mdns))
diff --git a/package/network/services/mdns/files/mdns.config b/package/network/services/mdns/files/mdns.config
index d64ba6768ceef943c9925364e2681357e0deaec4..b09eaf5c89722bf4cd91c6663c428b08094aa0e2 100644
--- a/package/network/services/mdns/files/mdns.config
+++ b/package/network/services/mdns/files/mdns.config
@@ -1,2 +1,3 @@
 config mdns
+	option jail 1
 	list network lan
diff --git a/package/network/services/mdns/files/mdns.init b/package/network/services/mdns/files/mdns.init
index 1bb764ee131813cd3aa9d812ddad67ab590e7747..6f781190ffc7989943fbfa8e5193aaba0970c065 100644
--- a/package/network/services/mdns/files/mdns.init
+++ b/package/network/services/mdns/files/mdns.init
@@ -35,6 +35,7 @@ start_service() {
 
 	procd_open_instance
 	procd_set_param command "$PROG"
+	procd_set_param seccomp /etc/seccomp/mdns.json
 	procd_set_param respawn
 	procd_open_trigger
 	procd_add_config_trigger "config.change" "mdns" /etc/init.d/mdns reload
@@ -43,10 +44,11 @@ start_service() {
 	done
 	procd_add_raw_trigger "instance.update" 5000 "/bin/ubus" "call" "mdns" "reload"
 	procd_close_trigger
+	[ "$(uci get mdns.@mdns[-1].jail)" = 1 ] && procd_add_jail mdns ubus log
 	procd_close_instance
 }
 
 service_started() {
-	ubus wait_for -t 5 mdns
+	ubus wait_for -t 10 mdns
 	[ $? = 0 ] && reload_service
 }
diff --git a/package/network/services/mdns/files/mdns.json b/package/network/services/mdns/files/mdns.json
new file mode 100644
index 0000000000000000000000000000000000000000..c22ba6f5fb6a6289080f6d7eaf42ec493a1b3ab2
--- /dev/null
+++ b/package/network/services/mdns/files/mdns.json
@@ -0,0 +1,32 @@
+{
+	"whitelist": [
+		"read",
+		"write",
+		"open",
+		"close",
+		"time",
+		"brk",
+		"ioctl",
+		"uname",
+		"bind",
+		"connect",
+		"getsockname",
+		"recvmsg",
+		"sendmsg",
+		"sendto",
+		"setsockopt",
+		"socket",
+		"poll",
+		"fcntl64",
+		"epoll_create",
+		"epoll_ctl",
+		"epoll_wait",
+		"rt_sigaction",
+		"sigreturn",
+		"rt_sigreturn",
+		"exit_group",
+		"exit",
+		"clock_gettime"
+	],
+	"policy": 1
+}