diff --git a/finch.yaml b/finch.yaml
index 6aad51d9a..27c206862 100644
--- a/finch.yaml
+++ b/finch.yaml
@@ -143,6 +143,15 @@ provision:
 - mode: boot
   script: |
     modprobe virtiofs
+- mode: boot
+  script: |
+    modprobe br_netfilter
+    cat <<EOF > /etc/sysctl.d/99-finch.conf
+    net.bridge.bridge-nf-call-iptables = 1
+    net.bridge.bridge-nf-call-ip6tables = 1
+    net.ipv4.ip_forward = 1
+    EOF
+    sysctl --system
 # # `user` is executed without the root privilege
 - mode: user
   script: |