diff --git a/pkg/provider-local/controller/infrastructure/actuator.go b/pkg/provider-local/controller/infrastructure/actuator.go
index 7e6e4e9c611..5fa15ec3004 100644
--- a/pkg/provider-local/controller/infrastructure/actuator.go
+++ b/pkg/provider-local/controller/infrastructure/actuator.go
@@ -60,8 +60,7 @@ func (a *actuator) Reconcile(ctx context.Context, _ logr.Logger, infrastructure
 	networkPolicyAllowMachinePods.Spec = networkingv1.NetworkPolicySpec{
 		Ingress: []networkingv1.NetworkPolicyIngressRule{{
 			From: []networkingv1.NetworkPolicyPeer{
-				{PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"app": "machine"}}},
-				{PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"app": "vpn-seed-server"}}},
+				{PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{v1beta1constants.LabelNetworkPolicyToShootNetworks: v1beta1constants.LabelNetworkPolicyAllowed}}},
 			},
 		}},
 		Egress: []networkingv1.NetworkPolicyEgressRule{{