diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index baa14a031..f86fbb2df 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -20,6 +20,7 @@ pub enum Thread {
     VirtioPmem,
     VirtioRng,
     VirtioVhostFs,
+    VirtioVhostNet,
     VirtioVhostNetCtl,
 }
 
@@ -254,6 +255,21 @@ fn virtio_vhost_fs_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
     ])
 }
 
+fn virtio_vhost_net_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
+    Ok(vec![
+        allow_syscall(libc::SYS_brk),
+        allow_syscall(libc::SYS_dup),
+        allow_syscall(libc::SYS_epoll_create1),
+        allow_syscall(libc::SYS_epoll_ctl),
+        allow_syscall(libc::SYS_epoll_pwait),
+        #[cfg(target_arch = "x86_64")]
+        allow_syscall(libc::SYS_epoll_wait),
+        allow_syscall(libc::SYS_futex),
+        allow_syscall(libc::SYS_read),
+        allow_syscall(libc::SYS_write),
+    ])
+}
+
 fn virtio_vhost_net_ctl_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
     Ok(vec![
         allow_syscall(libc::SYS_brk),
@@ -280,6 +296,7 @@ fn get_seccomp_filter_trap(thread_type: Thread) -> Result<SeccompFilter, Error>
         Thread::VirtioPmem => virtio_pmem_thread_rules()?,
         Thread::VirtioRng => virtio_rng_thread_rules()?,
         Thread::VirtioVhostFs => virtio_vhost_fs_thread_rules()?,
+        Thread::VirtioVhostNet => virtio_vhost_net_thread_rules()?,
         Thread::VirtioVhostNetCtl => virtio_vhost_net_ctl_thread_rules()?,
     };
 
@@ -301,6 +318,7 @@ fn get_seccomp_filter_log(thread_type: Thread) -> Result<SeccompFilter, Error> {
         Thread::VirtioPmem => virtio_pmem_thread_rules()?,
         Thread::VirtioRng => virtio_rng_thread_rules()?,
         Thread::VirtioVhostFs => virtio_vhost_fs_thread_rules()?,
+        Thread::VirtioVhostNet => virtio_vhost_net_thread_rules()?,
         Thread::VirtioVhostNetCtl => virtio_vhost_net_ctl_thread_rules()?,
     };
 
diff --git a/virtio-devices/src/vhost_user/net.rs b/virtio-devices/src/vhost_user/net.rs
index 1f5570cf1..5f4db692f 100644
--- a/virtio-devices/src/vhost_user/net.rs
+++ b/virtio-devices/src/vhost_user/net.rs
@@ -318,10 +318,15 @@ impl VirtioDevice for Net {
 
             let paused = self.paused.clone();
             let paused_sync = self.paused_sync.clone();
+            let virtio_vhost_net_seccomp_filter =
+                get_seccomp_filter(&self.seccomp_action, Thread::VirtioVhostNet)
+                    .map_err(ActivateError::CreateSeccompFilter)?;
             thread::Builder::new()
-                .name("vhost_user_net".to_string())
+                .name("vhost_net".to_string())
                 .spawn(move || {
-                    if let Err(e) = handler.run(paused, paused_sync) {
+                    if let Err(e) = SeccompFilter::apply(virtio_vhost_net_seccomp_filter) {
+                        error!("Error applying seccomp filter: {:?}", e);
+                    } else if let Err(e) = handler.run(paused, paused_sync) {
                         error!("Error running worker: {:?}", e);
                     }
                 })