diff --git a/defaults/main.yml b/defaults/main.yml
index b5de99f..cfc66f3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,3 +20,6 @@ kernel_namespace_support_enabled: False
 kernel_coredump_enabled: True
 kernel_ipv6_enabled: False
+kernel_ipv6_forwarding_enabled: False
+
+kernel_ipv4_forwarding_enabled: False
diff --git a/molecule/rocky9/tests/test_default.py b/molecule/rocky9/tests/test_default.py
index 9b6635f..b038100 100644
--- a/molecule/rocky9/tests/test_default.py
+++ b/molecule/rocky9/tests/test_default.py
@@ -1,4 +1,5 @@
 import os
+import pytest
 import testinfra.utils.ansible_runner
@@ -16,6 +17,16 @@ def test_sysctl_file(host):
 assert sysctl.mode == 0o644
+@pytest.mark.parametrize(
+ "name,value", [
+ ("net.ipv4.ip_forward", 0),
+ ("net.ipv6.conf.all.forwarding", 0),
+ ]
+)
+def test_sysctl_values(host, name, value):
+ assert host.sysctl(name) == value
+
+
 def test_modprobe_file(host):
 modprobe = host.file("/etc/modprobe.d/custom.conf")
@@ -31,9 +42,3 @@ def test_coredump_config(host):
 assert host.file("/etc/sysctl.d/dump.conf").exists
 assert host.file("/etc/security/limits.d/dump.conf").exists
 assert host.file("/etc/profile.d/dump.sh").exists
-
-
-def test_cgroup_config(host):
- proc = host.run("mount -l | grep cgroup")
-
- assert "cgroup2 on /sys/fs/cgroup type cgroup2" in proc.stdout
diff --git a/templates/etc/sysctl.d/local.conf.j2 b/templates/etc/sysctl.d/local.conf.j2
index 27fa21a..0901375 100644
--- a/templates/etc/sysctl.d/local.conf.j2
+++ b/templates/etc/sysctl.d/local.conf.j2
@@ -64,7 +64,7 @@ net.ipv4.conf.all.secure_redirects = 0
 net.ipv4.conf.default.secure_redirects = 0
 # Don't act as a router
-net.ipv4.ip_forward = 0
+net.ipv4.ip_forward = {{ kernel_ipv4_forwarding_enabled | bool | ternary(1, 0, 0) }}
 net.ipv4.conf.all.send_redirects = 0
 net.ipv4.conf.default.send_redirects = 0
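Review bot: In molecule/rocky9/tests/test_default.py, `test_sysctl_values` asserts only the value 0, which is also the stock kernel default for both `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding`, so the test can pass even if the role never writes or applies these keys. It would be stronger to also check the rendered file that `test_sysctl_file` already inspects (its body starts outside the hunk), for example `assert sysctl.contains("net.ipv4.ip_forward = 0")`. The enabled path (`kernel_ipv4_forwarding_enabled: True`) has no coverage in this scenario, and a short comment above the parametrize list saying that only the hardened default is verified would make that explicit.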
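Review bot: The comment `# Don't act as a router` above `net.ipv4.ip_forward` in templates/etc/sysctl.d/local.conf.j2 is still rendered unchanged when `kernel_ipv4_forwarding_enabled` is true, so the deployed file would state the opposite of what it configures; the same holds for `# Disable forwarding of IPv6` in the `@@ -94,7 +94,7 @@` hunk. I would reword both along the lines of `# IPv4 forwarding (router mode): off unless kernel_ipv4_forwarding_enabled is set`. As far as I can tell the `| bool | ternary(1, 0, 0)` chain fails closed, rendering 0 for a null or unrecognised value, and a one-line `{# ... #}` note saying so would keep the third argument from being simplified away later.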
@@ -94,7 +94,7 @@ net.ipv6.conf.all.accept_source_route = 0
 net.ipv6.conf.default.accept_source_route = 0
 # Disable forwarding of IPv6
-net.ipv6.conf.all.forwarding = 0
+net.ipv6.conf.all.forwarding = {{ kernel_ipv6_forwarding_enabled | bool | ternary(1, 0, 0) }}
 {% endif %}
 {% if kernel_namespace_support_enabled | bool %}
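Review bot: The new `net.ipv6.conf.all.forwarding` line sits directly before an `{% endif %}`, so it is rendered only when the enclosing condition holds. That condition opens outside the hunk, but if it is the `kernel_ipv6_enabled` check, then `kernel_ipv6_forwarding_enabled: True` is silently ignored while `kernel_ipv6_enabled` keeps its default of `False`. The dependency should be stated next to the variable in defaults/main.yml, e.g. `# only applied when kernel_ipv6_enabled is True`. It is also worth documenting that with forwarding on, the kernel ignores Router Advertisements on interfaces where `accept_ra` is 1, so a host that relies on SLAAC for its uplink would need `accept_ra = 2` there.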