diff --git a/systemd/nftables-exporter.service b/systemd/nftables-exporter.service
index 3957e76..1047532 100644
--- a/systemd/nftables-exporter.service
+++ b/systemd/nftables-exporter.service
@@ -6,8 +6,9 @@ After=network-online.target
 Type=simple
 PIDFile=/run/nftables_exporter.pid
 ExecStart=/usr/bin/nftables-exporter
-User=root
-Group=root
+DynamicUser=true
+AmbientCapabilities=CAP_NET_ADMIN
+NoNewPrivileges=true
 SyslogIdentifier=nftables-exporter
 Restart=on-failure
 RemainAfterExit=no
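Review bot: `AmbientCapabilities=CAP_NET_ADMIN` is added without a matching `CapabilityBoundingSet=`, so the unit's bounding set stays at its default; adding `CapabilityBoundingSet=CAP_NET_ADMIN` beside it pins the service to the one capability it is handed, as defence in depth on top of `NoNewPrivileges=true`. CAP_NET_ADMIN also permits changing the ruleset and interface configuration, not only reading them, so a comment line such as `# CAP_NET_ADMIN: presumably required to query nftables; it also allows modifying the ruleset` would make the remaining privilege explicit. Separately, the context line `PIDFile=/run/nftables_exporter.pid` is kept: if the exporter writes that file itself, it will presumably fail as a dynamic user, because /run is normally writable only by root. With `Type=simple` the setting is probably not needed, so it is worth confirming and then either dropping it or moving the file under a `RuntimeDirectory=`. The rest of the [Service] section lies outside the hunk.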