diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index c84550181b..8a5f6324e0 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -342,6 +342,15 @@
             "allowed_commands": [],
             "regex": []
         },
+        "UpdateRoutesRequest": {
+            "forbidden_device_names": [
+                "lo"
+            ],
+            "forbidden_source_regex": [
+                "^(?:0{0,4}:){0,7}0{0,3}1$",
+                "^127\\.(?:[0-9]{1,3}\\.){2}[0-9]{1,3}$"
+            ]
+        },
         "CloseStdinRequest": false,
         "ReadStreamRequest": false,
         "UpdateEphemeralMountsRequest": false,
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 36f4bdd098..22c7a97bbb 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -39,7 +39,7 @@ default TtyWinResizeRequest := true
 default UpdateContainerRequest := false
 default UpdateEphemeralMountsRequest := false
 default UpdateInterfaceRequest := true
-default UpdateRoutesRequest := true
+default UpdateRoutesRequest := false
 default WaitProcessRequest := true
 default WriteStreamRequest := false
 
@@ -1319,6 +1319,28 @@ ExecProcessRequest {
     print("ExecProcessRequest 3: true")
 }
 
+UpdateRoutesRequest {
+    print("UpdateRoutesRequest: input =", input)
+    print("UpdateRoutesRequest: policy =", policy_data.request_defaults.UpdateRoutesRequest)
+
+    i_routes := input.routes.Routes
+    p_source_regex = policy_data.request_defaults.UpdateRoutesRequest.forbidden_source_regex
+    p_names = policy_data.request_defaults.UpdateRoutesRequest.forbidden_device_names
+
+    every i_route in i_routes {
+        print("i_route.source =", i_route.source)
+        every p_regex in p_source_regex {
+            print("p_regex =", p_regex)
+            not regex.match(p_regex, i_route.source)
+        }
+
+        print("i_route.device =", i_route.device)
+        not i_route.device in p_names
+    }
+
+    print("UpdateRoutesRequest: true")
+}
+
 CloseStdinRequest {
     policy_data.request_defaults.CloseStdinRequest == true
 }
diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
index fa469f63ff..d7c93c95e9 100644
--- a/src/tools/genpolicy/src/policy.rs
+++ b/src/tools/genpolicy/src/policy.rs
@@ -334,6 +334,16 @@ pub struct ExecProcessRequestDefaults {
     regex: Vec<String>,
 }
 
+/// UpdateRoutesRequest settings from genpolicy-settings.json.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct UpdateRoutesRequestDefaults {
+    /// Forbid adding routes to devices of these names.
+    forbidden_device_names: Vec<String>,
+
+    /// Forbid adding routes originating from these addresses.
+    forbidden_source_regex: Vec<String>,
+}
+
 /// Settings specific to each kata agent endpoint, loaded from
 /// genpolicy-settings.json.
 #[derive(Clone, Debug, Serialize, Deserialize)]
@@ -347,6 +357,9 @@ pub struct RequestDefaults {
     /// Commands allowed to be executed by the Host in all Guest containers.
     pub ExecProcessRequest: ExecProcessRequestDefaults,
 
+    /// Allow the host to update routes for devices other than the loopback.
+    pub UpdateRoutesRequest: UpdateRoutesRequestDefaults,
+
     /// Allow the Host to close stdin for a container. Typically used with WriteStreamRequest.
     pub CloseStdinRequest: bool,
 
diff --git a/src/tools/genpolicy/tests/main.rs b/src/tools/genpolicy/tests/main.rs
index e0082f6870..2dd1ad4c74 100644
--- a/src/tools/genpolicy/tests/main.rs
+++ b/src/tools/genpolicy/tests/main.rs
@@ -11,7 +11,9 @@ mod tests {
     use std::path;
     use std::str;
 
-    use protocols::agent::{CopyFileRequest, CreateContainerRequest, CreateSandboxRequest};
+    use protocols::agent::{
+        CopyFileRequest, CreateContainerRequest, CreateSandboxRequest, UpdateRoutesRequest,
+    };
     use serde::de::DeserializeOwned;
     use serde::{Deserialize, Serialize};
 
@@ -135,6 +137,11 @@ mod tests {
         runtests::<CreateSandboxRequest>("createsandbox").await;
     }
 
+    #[tokio::test]
+    async fn test_update_routes() {
+        runtests::<UpdateRoutesRequest>("updateroutes").await;
+    }
+
     #[tokio::test]
     async fn test_create_container_network_namespace() {
         runtests::<CreateContainerRequest>("createcontainer/network_namespace").await;
diff --git a/src/tools/genpolicy/tests/testdata/updateroutes/pod.yaml b/src/tools/genpolicy/tests/testdata/updateroutes/pod.yaml
new file mode 100644
index 0000000000..7ac6554ed9
--- /dev/null
+++ b/src/tools/genpolicy/tests/testdata/updateroutes/pod.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dummy
+spec:
+  runtimeClassName: kata-cc-isolation
+  containers:
+  - name: dummy
+    image: registry.k8s.io/pause:3.6@sha256:3d380ca8864549e74af4b29c10f9cb0956236dfb01c40ca076fb6c37253234db
diff --git a/src/tools/genpolicy/tests/testdata/updateroutes/testcases.json b/src/tools/genpolicy/tests/testdata/updateroutes/testcases.json
new file mode 100644
index 0000000000..bc581e6bad
--- /dev/null
+++ b/src/tools/genpolicy/tests/testdata/updateroutes/testcases.json
@@ -0,0 +1,118 @@
+[
+  {
+    "description": "compliant routes",
+    "allowed": true,
+    "request": {
+      "routes": {
+        "Routes": [
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "eth0",
+            "source": "",
+            "scope": 0,
+            "family": 0
+          }
+        ]
+      }
+    }
+  },
+  {
+    "description": "forbidden device",
+    "allowed": false,
+    "request": {
+      "routes": {
+        "Routes": [
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "lo",
+            "source": "",
+            "scope": 0,
+            "family": 0
+          }
+        ]
+      }
+    }
+  },
+  {
+    "description": "one compliant route, one noncompliant",
+    "allowed": false,
+    "request": {
+      "routes": {
+        "Routes": [
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "eth0",
+            "source": "",
+            "scope": 0,
+            "family": 0
+          },
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "eth0",
+            "source": "::1",
+            "scope": 0,
+            "family": 0
+          }
+        ]
+      }
+    }
+  },
+  {
+    "description": "noncompliant routes",
+    "allowed": false,
+    "request": {
+      "routes": {
+        "Routes": [
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "eth0",
+            "source": "127.0.0.1",
+            "scope": 0,
+            "family": 0
+          }
+        ]
+      }
+    }
+  },
+  {
+    "description": "noncompliant routes ipv6 1",
+    "allowed": false,
+    "request": {
+      "routes": {
+        "Routes": [
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "eth0",
+            "source": "::1",
+            "scope": 0,
+            "family": 0
+          }
+        ]
+      }
+    }
+  },
+  {
+    "description": "noncompliant routes ipv6 2",
+    "allowed": false,
+    "request": {
+      "routes": {
+        "Routes": [
+          {
+            "dest": "",
+            "gateway": "10.244.0.1",
+            "device": "eth0",
+            "source": "00::001",
+            "scope": 0,
+            "family": 0
+          }
+        ]
+      }
+    }
+  }
+]