diff --git a/contrib/i2pd.service b/contrib/i2pd.service
index 1eb8a92b..5ed3a211 100644
--- a/contrib/i2pd.service
+++ b/contrib/i2pd.service
@@ -33,7 +33,6 @@ SendSIGKILL=yes
 LimitNOFILE=8192
 # To enable write of coredump uncomment this
 #LimitCORE=infinity
-
 #hardening
 ProtectHostname=true
 ProtectKernelLogs=true
@@ -48,6 +47,10 @@ PrivateDevices=true
 PrivateIPC=true
 NoNewPrivileges=true
 RestrictNamespaces=true
+ProtectSystem=full
+ReadWritePaths=-/var/lib/i2pd
+ReadWritePaths=-/run/i2pd
+ReadWritePaths=-/etc/i2pd
 
 [Install]
 WantedBy=multi-user.target