diff --git a/policy/modules/apps/syncthing.te b/policy/modules/apps/syncthing.te
index e45a1ae6d..f93b6c346 100644
--- a/policy/modules/apps/syncthing.te
+++ b/policy/modules/apps/syncthing.te
@@ -5,6 +5,14 @@ policy_module(syncthing, 1.1.0)
 # Declarations
 #
 
+## <desc>
+##      <p>
+##      Determine whether syncthing can
+##      run ifconfig/iproute2 to find gateway.
+## </p>
+## </desc>
+gen_tunable(syncthing_can_run_ifconfig, false)
+
 attribute_role syncthing_roles;
 role syncthing_roles types syncthing_t;
 
@@ -69,3 +77,7 @@ optional_policy(`
 	# temporary hack for /run/NetworkManager/resolv.conf until we make this part of sysnet_dns_name_resolve()
 	networkmanager_read_pid_files(syncthing_t)
 ')
+
+tunable_policy(`syncthing_can_run_ifconfig',`
+        sysnet_domtrans_ifconfig(syncthing_t)
+')