diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4dc68c6ff8e4ba0e0e4e14d5025b38d958d9c3b0..cbb51d7cbdf93274f461f286ce37b070a68ac5f6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,2 +1,7 @@
 # Changelog
+## [29.1.0-bb.2]
+# Added
+* default-deny-all network policy
+* istio network policy
+* monitoring network policy
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 735e91a7e3f27270e56b3bce3ad396ec1d4085d5..b6173cfeec9a18be6eb9eb4a44ee2257386fc3e3 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nexus-repository-manager
-version: 29.1.0-bb.1
+version: 29.1.0-bb.2
 appVersion: 3.29.0
 description: Sonatype Nexus Repository Manager - Universal Binary repository
 type: application
diff --git a/chart/templates/bigbang/networkpolicies/default-deny-all.yaml b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d8e6d46970fbfb62b55389f129875570582eb321
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml
@@ -0,0 +1,15 @@
+{{ if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-all
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress: []
+ egress: []
+{{- end }}
+
diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5c6c341c00efc435750f7383c8ec1b38424ba735
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/istio.yaml
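Review bot: With `podSelector: {}` and both `Ingress` and `Egress` in `policyTypes`, this policy denies all traffic for every pod in the release namespace once `networkPolicies.enabled` is set, and the only egress the rest of this commit re-allows is istiod on 15012 for all pods plus 443/TCP and 53/UDP to in-cluster pods for the Nexus pods. Egress from Nexus to upstream remotes (proxy repositories) or to an out-of-cluster blob store is presumably needed in many deployments and no allow policy here covers it; if that is by design, say so in the template, e.g. `# Deny-all baseline; allow rules live in istio.yaml, kube-api-egress.yaml and monitoring.yaml`. The opening `{{ if` does not trim whitespace, so the rendered manifest starts with a blank line; `{{- if .Values.networkPolicies.enabled }}` matches the `{{- end }}` already used at the bottom.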
@@ -0,0 +1,44 @@
+{{ if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-to-istio-ingressgateway
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: istio-controlplane
+ podSelector:
+ matchLabels:
+ {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}}
+ ports:
+ - port: {{ .Values.nexus.nexusPort }}
+ {{- range .Values.nexus.docker.registries }}
+ - port: {{ .port }}
+ {{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-to-istio-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: istio-controlplane
+ podSelector:
+ matchLabels:
+ istio: pilot
+ ports:
+ - port: 15012
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..708f312b69cce3a92614a3a45b69ef83eb6c4fd4
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: kube-api-dns-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ egress:
+ - to:
+ - namespaceSelector: {}
+ ports:
+ - port: 443
+ protocol: TCP
+ - port: 53
+ protocol: UDP
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: nexus-repository-manager
+ policyTypes:
+ - Egress
\ No newline at end of file
diff --git a/chart/templates/bigbang/networkpolicies/monitoring.yaml b/chart/templates/bigbang/networkpolicies/monitoring.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..04349ef76f1ea7b1eaac2c2476e2e08590327739
--- /dev/null
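Review bot: `podSelector: {}` on `allow-to-istio-ingressgateway` opens ingress from the gateway to every pod in the namespace on the Nexus and Docker registry ports, whereas the `kube-api-dns-egress` and `allow-scraping` policies in this same commit scope themselves to `app.kubernetes.io/name: nexus-repository-manager`. Narrowing it to `podSelector:` / `  matchLabels:` / `    app.kubernetes.io/name: nexus-repository-manager` keeps the rule least-privilege and consistent with the other templates; the `allow-to-istio-egress` policy further down can reasonably stay namespace-wide since every sidecar needs istiod. The `nindent 10` on the `ingressLabels` line only renders correctly while `matchLabels:` sits at that exact nesting depth, so a comment such as `# nindent must match the indentation of matchLabels above` would save the next editor a broken selector.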
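Review bot: This template is rendered unconditionally — unlike the other three new policies it is not wrapped in `{{ if .Values.networkPolicies.enabled }}` … `{{- end }}` — so a user with `networkPolicies.enabled: false` still gets an egress-restricting policy on the Nexus pods, and the CHANGELOG entry does not list it. The DNS rule allows only `protocol: UDP` on port 53; resolvers fall back to TCP for truncated responses, so a matching `- port: 53` / `protocol: TCP` entry is needed. `namespaceSelector: {}` matches pods in any namespace, which covers CoreDNS, but whether it also reaches the API server endpoint (a host address rather than a pod) depends on the CNI; presumably this was verified on the target cluster, otherwise an `ipBlock` rule would be the usual complement. The file also ends without a trailing newline.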
+++ b/chart/templates/bigbang/networkpolicies/monitoring.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.networkPolicies.enabled .Values.monitoring.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-scraping
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: monitoring
+ podSelector:
+ matchLabels:
+ app: prometeus
+ ports:
+ - port: {{ .Values.nexus.nexusPort }}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: nexus-repository-manager
+ policyTypes:
+ - Ingress
+{{- end }}
+
diff --git a/chart/values.yaml b/chart/values.yaml
index aadeaa3b6f4d9a4246d1a301048fcea9e33590ce..e0a6a9d27122f18ef48a51eff420e711766ae5bc 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -6,6 +6,13 @@ istio:
 nexus:
 gateways:
 - "istio-system/main"
+
+networkPolicies:
+ enabled: false
+ ingressLabels:
+ app: istio-ingressgateway
+ istio: ingressgateway
+
 monitoring:
 enabled: false
 license_key: ""
diff --git a/tests/test-values.yml b/tests/test-values.yml
index b09ad181fc47063ee0c5eb0ec27cdd72aec120e4..5b4075970232071206db45638b0351e935f1d8c4 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -4,5 +4,6 @@ istio:
 nexus:
 imagePullSecrets:
 - name: private-registry-mil
-
+networkPolicies:
+ enabled: true
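Review bot: The pod selector under `from:` uses `app: prometeus`, which looks like a misspelling of `prometheus`; unless the Prometheus pods in the monitoring namespace really carry that label, the rule never matches and scraping of `{{ .Values.nexus.nexusPort }}` stays silently blocked by the default-deny policy. Correcting it to `app: prometheus` and checking the label against the monitoring chart's pods is the fix. This template also quotes `namespace: "{{ .Release.Namespace }}"` while the other new policies leave it unquoted; either works, but one style should be used across the directory.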
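Review bot: The new `networkPolicies` block carries no comments, so a reader of values.yaml cannot tell that `enabled: true` installs a namespace-wide default-deny-all policy or that `ingressLabels` must equal the pod labels of the Istio ingress gateway that fronts Nexus. Add a comment above `enabled:` such as `# Installs a default-deny-all NetworkPolicy for the namespace plus allow rules for the Istio ingress gateway, istiod and (when monitoring.enabled) Prometheus`, and above `ingressLabels:` one saying `# Pod labels of the Istio ingress gateway permitted to reach Nexus`.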
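Review bot: Only `networkPolicies.enabled: true` is set here; `monitoring.enabled` is not, so the `allow-scraping` policy, which is gated on both values, is never rendered with the test values and its selectors go unexercised. Adding `monitoring:` / `  enabled: true` beneath the new block would bring it into the test render. The hunk also removes the blank line that separated the previous block, which is a whitespace-only change worth keeping out of a feature commit.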