diff --git a/plays/firewall.yml b/plays/firewall.yml
index 37f9c3966d23134fca6bdf0cb6a72767ce4ac140..6106544786f586827351719ce2d00251cd6ac941 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,9 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy iproute2 config file
+# Deploy iproute2 and sysctl config files
 - hosts: crans_routeurs
   roles:
     - iproute2
+    - sysctl-forwarding
 
 # Deploy firewall
 - hosts: crans_routeurs
diff --git a/roles/sysctl-forwarding/tasks/main.yml b/roles/sysctl-forwarding/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e923003929d8ab311a4cb343c727002af6e990ea
--- /dev/null
+++ b/roles/sysctl-forwarding/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Deploy sysctl configuration
+  template:
+    src: sysctl.d/10-forwarding.conf.j2
+    dest: /etc/sysctl.d/10-forwarding.conf
diff --git a/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2 b/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8656e7b019519957a072ed4f9421f0bf4dbe67c7
--- /dev/null
+++ b/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2
@@ -0,0 +1,9 @@
+{{ ansible_header | comment }}
+
+# Enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1