diff --git a/cr-dump.c b/cr-dump.c
index ee8d2336d..047e11c96 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -48,6 +48,7 @@
 #include "pstree.h"
 #include "mount.h"
 #include "tty.h"
+#include "net.h"
 
 #include "protobuf.h"
 #include "protobuf/fdinfo.pb-c.h"
@@ -1579,6 +1580,9 @@ int cr_dump_tasks(pid_t pid, const struct cr_options *opts)
 	pr_info("Dumping processes (pid: %d)\n", pid);
 	pr_info("========================================\n");
 
+	if (network_lock())
+		goto err;
+
 	if (write_img_inventory())
 		goto err;
 
@@ -1636,7 +1640,7 @@ err:
 	 * don't, just close them silently.
 	 */
 	if (ret)
-		tcp_unlock_all();
+		network_unlock();
 	pstree_switch_state(root_item,
 			ret ? TASK_ALIVE : opts->final_state);
 	free_pstree(root_item);
diff --git a/include/net.h b/include/net.h
index b210679d0..fb55e0777 100644
--- a/include/net.h
+++ b/include/net.h
@@ -16,4 +16,7 @@ struct veth_pair {
 	char *inside;
 	char *outside;
 };
+
+extern int network_lock(void);
+extern void network_unlock(void);
 #endif
diff --git a/net.c b/net.c
index 5988159f1..96fb2ca7f 100644
--- a/net.c
+++ b/net.c
@@ -11,6 +11,7 @@
 #include "net.h"
 #include "libnetlink.h"
 #include "crtools.h"
+#include "sk-inet.h"
 
 #include "protobuf.h"
 #include "protobuf/netdev.pb-c.h"
@@ -405,3 +406,28 @@ int netns_pre_create(void)
 	pr_info("Saved netns fd for links restore\n");
 	return 0;
 }
+
+int network_lock(void)
+{
+	pr_info("Lock network\n");
+
+	/* Each connection will be locked on dump */
+	if  (!(opts.namespaces_flags & CLONE_NEWNET))
+		return 0;
+
+	return run_scripts("network-lock");
+}
+
+void network_unlock(void)
+{
+	pr_info("Unlock network\n");
+
+	if  (!(opts.namespaces_flags & CLONE_NEWNET)) {
+		tcp_unlock_all();
+
+		return;
+	}
+
+	run_scripts("network-unlock");
+}
+