diff --git a/ansible/roles/ip-routing/defaults/main.yml b/ansible/roles/ip-routing/defaults/main.yml
new file mode 100644
index 000000000..1046ec520
--- /dev/null
+++ b/ansible/roles/ip-routing/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+# See kernel doc for more detail: /Documentation/networking/ip-sysctl.txt
+ip_routing_rp_filter_mode: 0
diff --git a/ansible/roles/ip-routing/tasks/main.yml b/ansible/roles/ip-routing/tasks/main.yml
index aeb896b82..f2a1a2e0f 100644
--- a/ansible/roles/ip-routing/tasks/main.yml
+++ b/ansible/roles/ip-routing/tasks/main.yml
@@ -6,6 +6,6 @@
 sysctl_set: "yes"
 with_items:
 - { name: "net.ipv4.ip_forward", value: 1}
- - { name: "net.ipv4.conf.all.rp_filter", value: 0}
- - { name: "net.ipv4.conf.default.rp_filter", value: 0}
+ - { name: "net.ipv4.conf.all.rp_filter", value: "{{ ip_routing_rp_filter_mode }}"}
+ - { name: "net.ipv4.conf.default.rp_filter", value: "{{ ip_routing_rp_filter_mode }}"}
 become: True
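Review bot: The comment above `ip_routing_rp_filter_mode` in defaults/main.yml points at the kernel doc but does not say what the values mean, or that the default of 0 turns source validation off. The default matches the 0 that was hard-coded in the tasks file, so behaviour is unchanged, but an operator reading only this file cannot tell that reverse-path filtering (the kernel's check against spoofed source addresses) is disabled. I would expand the comment to `# rp_filter mode: 0 = no source validation, 1 = strict (RFC 3704), 2 = loose; 0 disables the spoofed-source check` and keep the kernel-doc reference. Hosts that do not depend on asymmetric routing can then override to 1 or 2 deliberately.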
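Review bot: Nothing checks `ip_routing_rp_filter_mode` before it is templated into the two `rp_filter` items in tasks/main.yml, so an override with a typo or an unsupported value is caught, if at all, only when the sysctl write fails on the host. An `assert` task ahead of the sysctl task that accepts only 0, 1 or 2 would stop the play early with a clear message. It is also worth documenting in the role that the kernel applies the higher of `conf/all` and the per-interface value, so lowering the mode here does not relax an interface that already carries a stricter setting. The sysctl task starts above the hunk, so the placement below is relative to it.

```yaml
- name: Validate rp_filter mode
  assert:
    that:
      - ip_routing_rp_filter_mode | string in ['0', '1', '2']
    msg: "ip_routing_rp_filter_mode must be 0, 1 or 2"

# … unchanged: sysctl task with the ip_forward and rp_filter items …
```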