diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index ac1229c02..4b0ca6669 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -123,3 +123,6 @@ calico_bgp_listen_port: 179
 # Calico FelixConfiguration options
 calico_felix_reporting_interval: 0s
 calico_felix_log_severity_screen: Info
+
+# Calico container settings
+calico_allow_ip_forwarding: false
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index bc92f7009..acac05f51 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -38,6 +38,11 @@
         "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"]
       },
 {% endif %}
+{% if calico_allow_ip_forwarding %}
+      "container_settings": {
+        "allow_ip_forwarding": true
+      },
+{% endif %}
 {% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
       "feature_control": {
         {% for fc in calico_feature_control -%}