diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 84c2ef948..719884eda 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -55,6 +55,8 @@ function init_fwaas() {
 mkdir /etc/neutron/policy.d
 fi
 cp $DEST/neutron-fwaas/etc/neutron/policy.d/neutron-fwaas.json /etc/neutron/policy.d/neutron-fwaas.json
+ # Using sudo to gain the root privilege to be able to copy file to rootwrap.d
+ sudo cp $DEST/neutron-fwaas/etc/neutron/rootwrap.d/fwaas-privsep.filters /etc/neutron/rootwrap.d/fwaas-privsep.filters
 }
 function shutdown_fwaas() {
diff --git a/etc/neutron/rootwrap.d/fwaas-privsep.filters b/etc/neutron/rootwrap.d/fwaas-privsep.filters
new file mode 100644
index 000000000..6b631417d
--- /dev/null
+++ b/etc/neutron/rootwrap.d/fwaas-privsep.filters
@@ -0,0 +1,7 @@
+# neutron-fwaas privsep filters
+
+# This file should be owned by (and only-writeable by) the root user
+
+[Filters]
+
+privsep-rootwrap: PathFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, neutron_fwaas.privileged.default
diff --git a/setup.cfg b/setup.cfg
index 24cfb9d21..5d97f6573 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -23,6 +23,10 @@ classifier =
 packages =
 neutron_fwaas
+data_files =
+ etc/neutron/rootwrap.d =
+ etc/neutron/rootwrap.d/fwaas-privsep.filters
+
 [global]
 setup-hooks =
 pbr.hooks.setup_hook
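Review bot: The added `sudo cp` leaves the ownership and mode of the installed filter file to chance: if the destination already exists, cp truncates it in place and the existing owner and mode survive, and if it does not, the file gets the source's mode masked by umask. Every file in rootwrap.d is trusted by oslo.rootwrap to grant root, and the shipped file itself says it must be root-owned and root-writable only, so set that explicitly and quote the expansion: `sudo install -o root -g root -m 0644 "$DEST/neutron-fwaas/etc/neutron/rootwrap.d/fwaas-privsep.filters" /etc/neutron/rootwrap.d/fwaas-privsep.filters`. The line also assumes /etc/neutron/rootwrap.d already exists; the visible code only creates policy.d, so presumably neutron's own devstack plugin creates it, which is worth confirming. init_fwaas() starts outside the hunk.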
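Review bot: The filter on the last added line is declared as `PathFilter`, but its `--config-file` constraint `/etc/(?!\.\.).*` is regular-expression syntax (a negative lookahead), which PathFilter does not evaluate: as I read oslo.rootwrap, a PathFilter argument that begins with `/` is a literal directory prefix compared against the realpath of the supplied argument, so no real config path would satisfy it and the privsep helper would be refused by rootwrap. The equivalent filter neutron ships for its own privsep context uses RegExpFilter, as I recall, so the line should read `privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, neutron_fwaas.privileged.default`. Even then the pattern only rejects `..` immediately after `/etc/` and not deeper traversal such as `/etc/neutron/../../tmp/x.conf`, since RegExpFilter does not canonicalize the argument; that follows the upstream convention, but it is worth knowing when judging what this rule actually permits.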
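Review bot: The new `data_files` entry installs the filter relative to the Python installation prefix (with pbr that lands under `<sys.prefix>/etc/neutron/rootwrap.d`, e.g. /usr/local/etc/... or a venv), not under /etc, so rootwrap will only load it if that directory is listed in `filters_path` of the rootwrap.conf neutron runs with; the devstack hunk avoids the issue by copying to /etc/neutron/rootwrap.d directly. Packagers need to know this, so the filters file header or a release note should state that the file must be installed into a directory on `filters_path` and be root-owned, since any filter file found in those directories is trusted to grant root.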