diff --git a/playbooks/openshift-apps/coreos-cincinnati.yml b/playbooks/openshift-apps/coreos-cincinnati.yml
index 2766f317d9..9b5076cb9f 100644
--- a/playbooks/openshift-apps/coreos-cincinnati.yml
+++ b/playbooks/openshift-apps/coreos-cincinnati.yml
@@ -20,6 +20,7 @@
     - jlebon
     - lucab
     - sanja
+    egress_policy_template: "{{ roles_path }}/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml"
 
   - role: openshift/imagestream
     app: coreos-cincinnati
diff --git a/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml b/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml
new file mode 100644
index 0000000000..a8d29e33ac
--- /dev/null
+++ b/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: EgressNetworkPolicy
+metadata:
+  name: default
+spec:
+  egress:
+  - type: Allow
+    to:
+      dnsName: builds.coreos.fedoraproject.org
+  - type: Deny
+    to:
+      cidrSelector: "0.0.0.0/0"