diff --git a/Changelog b/Changelog
index f3b2487..ab2d9d4 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Enable network_peer_controls policy capability from Paul Moore.
 - Btrfs xattr support from Paul Moore.
 - Add db_procedure install permission from KaiGai Kohei.
 - Add support for network interfaces with access controlled by a Boolean
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index b138740..bb46175 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -315,6 +315,60 @@ interface(`corenet_raw_sendrecv_generic_if',`
 ########################################
 ##
+## Allow outgoing network traffic on the generic interfaces.
+##
+##
+##
+## The peer label of the outgoing network traffic.
+##
+##
+##
+#
+interface(`corenet_out_generic_if',`
+ gen_require(`
+ type netif_t;
+ ')
+
+ allow $1 netif_t:netif egress;
+')
+
+########################################
+##
+## Allow incoming traffic on the generic interfaces.
+##
+##
+##
+## The peer label of the incoming network traffic.
+##
+##
+##
+#
+interface(`corenet_in_generic_if',`
+ gen_require(`
+ type netif_t;
+ ')
+
+ allow $1 netif_t:netif ingress;
+')
+
+########################################
+##
+## Allow incoming and outgoing network traffic on the generic interfaces.
+##
+##
+##
+## The peer label of the network traffic.
+##
+##
+##
+#
+interface(`corenet_inout_generic_if',`
+ corenet_in_generic_if($1)
+ corenet_out_generic_if($1)
+')
+
+########################################
+##
 ## Send and receive TCP network traffic on all interfaces.
 ##
 ##
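Review bot: The summaries of the new `corenet_out_generic_if` and `corenet_in_generic_if` do not say that `$1` is a peer label rather than a subject domain, nor that the `netif egress`/`ingress` rules they emit are only consulted once the `network_peer_controls` policy capability is on (which this same commit enables in policy/policy_capabilities, whose header comment lists `netif: ingress egress`). A caller that passes an ordinary process domain gets a rule that compiles but presumably never matches any check, which is easy to miss. I would add one line to each summary, e.g. `##	$1 is a peer label (a labeled-networking peer type or unlabeled_t), not a process domain; the rule is only consulted when the network_peer_controls policy capability is enabled.` The same wording applies to `corenet_inout_generic_if`, which just composes the two.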
@@ -610,6 +664,60 @@ interface(`corenet_raw_bind_generic_node',`
 ########################################
 ##
+## Allow outgoing network traffic to generic nodes.
+##
+##
+##
+## The peer label of the outgoing network traffic.
+##
+##
+##
+#
+interface(`corenet_out_generic_node',`
+ gen_require(`
+ type node_t;
+ ')
+
+ allow $1 node_t:node sendto;
+')
+
+########################################
+##
+## Allow incoming network traffic from generic nodes.
+##
+##
+##
+## The peer label of the incoming network traffic.
+##
+##
+##
+#
+interface(`corenet_in_generic_node',`
+ gen_require(`
+ type node_t;
+ ')
+
+ allow $1 node_t:node recvfrom;
+')
+
+########################################
+##
+## Allow incoming and outgoing network traffic with generic nodes.
+##
+##
+##
+## The peer label of the network traffic.
+##
+##
+##
+#
+interface(`corenet_inout_generic_node',`
+ corenet_in_generic_node($1)
+ corenet_out_generic_node($1)
+')
+
+########################################
+##
 ## Send and receive TCP network traffic on all nodes.
 ##
 ##
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 49e3b43..e8fe376 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.11.2)
+policy_module(corenetwork, 1.11.3)
 ########################################
 #
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index fce1402..d3d685a 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
-policy_module(kernel, 1.10.2)
+policy_module(kernel, 1.10.3)
 ########################################
 #
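Review bot: The existing interfaces around this hunk name the permission they grant (the hunk header shows `corenet_raw_bind_generic_node`), but the new `corenet_in_generic_node` and `corenet_out_generic_node` summaries only say "incoming"/"outgoing" and leave the reader to open the body to learn that they emit `node recvfrom` and `node sendto` for the peer label `$1`. Since these are peer-label checks that only exist when the `network_peer_controls` policy capability enabled elsewhere in this commit is on, the summaries should say so, e.g. `##	Grants node recvfrom on node_t to the peer label $1; only consulted when the network_peer_controls policy capability is enabled.` and the `sendto` equivalent for the outgoing variant. Note also that only the generic `node_t` is covered here, so a peer that must be restricted to or allowed on specifically typed nodes needs a separate interface — worth a sentence in the summary if that is intended.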
@@ -221,8 +221,10 @@ allow kernel_t unlabeled_t:dir mounton;
 # connections with invalidated labels:
 allow kernel_t unlabeled_t:packet send;
-# Forwarded network traffic
+# Allow unlabeled network traffic
 allow unlabeled_t unlabeled_t:packet { forward_in forward_out };
+corenet_in_generic_if(unlabeled_t)
+corenet_in_generic_node(unlabeled_t)
 corenet_all_recvfrom_unlabeled(kernel_t)
 corenet_all_recvfrom_netlabel(kernel_t)
diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index 054cfbc..6f79d90 100644
--- a/policy/policy_capabilities
+++ b/policy/policy_capabilities
@@ -17,7 +17,7 @@
 # netif: ingress egress
 # peer: recv
 #
-#policycap network_peer_controls;
+policycap network_peer_controls;
 # Enable additional access controls for opening
 # a file (and similar objects).
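Review bot: `unlabeled_t` is given only the inbound half of the new peer controls (`corenet_in_generic_if(unlabeled_t)` and `corenet_in_generic_node(unlabeled_t)`), while the `forward_out` permission kept on the line just above says forwarded unlabeled traffic is meant to leave the host as well. If, with `network_peer_controls` enabled, the kernel also applies the `netif egress`/`node sendto` peer checks to forwarded packets (the policy_capabilities header lists `netif: ingress egress`), forwarded unlabeled packets would be dropped on the outbound path; I cannot confirm the kernel-side behaviour from this diff, so this wants a test on a forwarding host with labeled networking active. If it does, the fix is to use `corenet_inout_generic_if(unlabeled_t)` and `corenet_inout_generic_node(unlabeled_t)` in place of the two added lines; if withholding egress is deliberate, a comment stating why would spare the next reader the same question. The surrounding run of kernel_t/unlabeled_t rules continues outside the hunk.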
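Review bot: Uncommenting `policycap network_peer_controls;` is a policy-wide behavioural switch — per the comment block above it, peer labels are now checked for `netif: ingress egress` and `peer: recv` — but nothing in the file records which kernel version must be running for these checks to exist, or that builders targeting an older kernel should leave it disabled. I would add a comment directly above the line, e.g. `# Requires a kernel that understands policy capabilities and the peer-label netif/node/peer checks; keep disabled when targeting older kernels.`, with the exact minimum version filled in by whoever can verify it, as it is not visible here. The Changelog entry in this commit could carry the same caveat.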