diff --git a/lib/route/neigh.c b/lib/route/neigh.c
index aec988c9..fd883ec3 100644
--- a/lib/route/neigh.c
+++ b/lib/route/neigh.c
@@ -777,8 +777,15 @@ static int build_neigh_msg(struct rtnl_neigh *tmpl, int cmd, int flags,
 	if (tmpl->ce_mask & NEIGH_ATTR_NHID)
 		NLA_PUT_U32(msg, NDA_NH_ID, tmpl->n_nhid);
 
-	if (tmpl->ce_mask & NEIGH_ATTR_EXT_FLAGS)
-		NLA_PUT_U32(msg, NDA_FLAGS_EXT, tmpl->n_ext_flags);
+	if (tmpl->ce_mask & NEIGH_ATTR_EXT_FLAGS) {
+		/* The kernel does not allow setting the locked flag from
+		 * userspace, so unset it in the request. */
+		uint32_t ext_flags = tmpl->n_ext_flags &
+				     ~(uint32_t)NTF_EXT_LOCKED;
+
+		if (ext_flags)
+			NLA_PUT_U32(msg, NDA_FLAGS_EXT, ext_flags);
+	}
 
 	*result = msg;
 	return 0;