diff --git a/elements/amphora-selinux/post-install.d/50-selinux-policies b/elements/amphora-selinux/post-install.d/50-selinux-policies
index 3642e40879..001ce628fe 100755
--- a/elements/amphora-selinux/post-install.d/50-selinux-policies
+++ b/elements/amphora-selinux/post-install.d/50-selinux-policies
@@ -17,3 +17,6 @@ enable_selinux_bool () {
 enable_selinux_bool os_haproxy_enable_nsfs
 enable_selinux_bool os_haproxy_ping
 enable_selinux_bool cluster_use_execmem
+# Allows keepalived to connect to any ports (required by TCP-based HMs on UDP
+# pools)
+enable_selinux_bool keepalived_connect_any
diff --git a/releasenotes/notes/fix-selinux-tcp-hm-on-udp-pools-89c3b8db89e359ba.yaml b/releasenotes/notes/fix-selinux-tcp-hm-on-udp-pools-89c3b8db89e359ba.yaml
new file mode 100644
index 0000000000..97ca282820
--- /dev/null
+++ b/releasenotes/notes/fix-selinux-tcp-hm-on-udp-pools-89c3b8db89e359ba.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ Fixed an SELinux issues with TCP-based health-monitor on UDP pools, some
+ specific monitoring ports were denied by SELinux. The Amphora image now
+ enables the ``keepalived_connect_any`` SELinux boolean that allows
+ connections to any ports.
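Review bot: The new `enable_selinux_bool keepalived_connect_any` line widens the keepalived domain's outbound reach to every port, not only the health-monitor ports that motivated it, and the comment above it should say so plus why a narrower grant is not used; something like `# Broad grant: keepalived_connect_any lets keepalived connect to any port, not just HM ports.` followed by `# Needed because monitor ports are operator-configured and cannot be enumerated at image build time.` The `enable_selinux_bool` function is defined above the hunk, so it is not visible here whether a failed `setsebool` aborts the image build; if it does not, a missing boolean would only surface later as an AVC denial on the amphora, so it is worth confirming the function checks the exit status or that the build verifies the value with `getsebool keepalived_connect_any`.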