diff --git a/extras/wg-netns@.service b/extras/wg-netns@.service
index 7aa5578..0f75429 100644
--- a/extras/wg-netns@.service
+++ b/extras/wg-netns@.service
@@ -14,8 +14,6 @@ RemainAfterExit=yes
 WorkingDirectory=%E/wireguard
 ConfigurationDirectory=wireguard
 ConfigurationDirectoryMode=0700
-ReadOnlyPaths=%E/wireguard
-ReadWritePaths=%E/netns
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN
 LimitNOFILE=4096
@@ -23,19 +21,8 @@ LimitNPROC=512
 LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
-PrivateDevices=true
-PrivateMounts=true
-PrivateTmp=true
-ProcSubset=pid
 ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
 ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectProc=noaccess
-ProtectSystem=strict
 RemoveIPC=true
 RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=mnt net