diff --git a/rpminspect.yaml b/rpminspect.yaml
new file mode 100644
index 0000000..d01b3f9
--- /dev/null
+++ b/rpminspect.yaml
@@ -0,0 +1,49 @@
+#
+# rpminspect configuration file
+#
+# *** INTERNAL SETTINGS FOR RED HAT -- DO NOT REDISTRIBUTE ***
+#
+
+#XXX In order to tweak the rpminspect configuration per component, the
+#XXX default configuration file can be obtained from
+#XXX https://gitlab.cee.redhat.com/osci/rpminspect-data-redhat/-/blob/master/redhat.yaml
+
+---
+badfuncs:
+    # Shared function names prohibited from executables and libraries.
+    # The function names listed here are generally ones provided by
+    # the system, but are deprecated in favor of more modern
+    # alternatives.  As a rule we do not want to make use of those but
+    # only provide them to users for backwards compatibility.
+
+    # This is an array of forbidden function names.
+    - gethostbyname
+    - gethostbyname2
+    - gethostbyaddr
+    - inet_addr
+
+    #XXX NetworkManager intentionally uses inet_aton. It does so in a controlled manner
+    #XXX to parse IPv4 addresses in the legacy style (with leading zeros, which inet_pton() does
+    #XXX not support). See https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/cf1b726157c36f72a79aa1276c8c80fe2be1d04d/src/libnm-glib-aux/nm-shared-utils.c#L911
+    #XXX
+    #XXX - inet_aton
+
+    - inet_nsap_addr
+    - inet_ntoa
+    - inet_nsap_ntoa
+    - inet_makeaddr
+    - inet_netof
+    - inet_network
+    - inet_neta
+    - inet_net_ntop
+    - inet_net_pton
+    - rcmd
+    - rexec
+    - rresvport
+
+    # Optional list of glob(7) specifications to match files to ignore
+    # for this inspection.  The format of this list is the same as the
+    # global 'ignore' list.  The difference is the items specified
+    # here will only be used during this inspection.
+    #ignore:
+    #    - /usr/lib*/libexample.so*