diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index ac1229c02f7bc6240f321584c6915c3c00af0385..4b0ca66693f02e494b69fa0f0376c56614dfcb4c 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -123,3 +123,6 @@ calico_bgp_listen_port: 179
 # Calico FelixConfiguration options
 calico_felix_reporting_interval: 0s
 calico_felix_log_severity_screen: Info
+
+# Calico container settings
+calico_allow_ip_forwarding: false
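Review bot: The comment `# Calico container settings` above the new default does not say what the switch does or why it ships disabled. Per the template change in this same commit, it renders the CNI `container_settings.allow_ip_forwarding` option, which lets pod network namespaces forward packets, so a pod can act as a router for traffic that is not its own. I would spell that out so operators enable it deliberately: `# Allow IP forwarding inside pod network namespaces (CNI container_settings.allow_ip_forwarding); keep false unless workloads must route traffic`.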
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index bc92f7009e60109e68f4f94813cc205f5231452a..acac05f51ad845846b74afd157c4ed4249001bfd 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -38,6 +38,11 @@
         "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"]
       },
 {% endif %}
+{% if calico_allow_ip_forwarding %}
+      "container_settings": {
+        "allow_ip_forwarding": true
+      },
+{% endif %}
 {% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
       "feature_control": {
         {% for fc in calico_feature_control -%}
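Review bot: The guard `{% if calico_allow_ip_forwarding %}` tests plain Jinja truthiness, so a value that arrives as a string is evaluated as non-empty rather than as a boolean. With a command-line extra var such as `-e calico_allow_ip_forwarding=false`, the `container_settings` block would still render and forwarding would be switched on when the operator asked for it off. Casting first makes the check fail closed: `{% if calico_allow_ip_forwarding | bool %}`. The enclosing JSON object and the `feature_control` loop continue outside this hunk.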