diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 7e7ebee44..3f4c828f9 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -49,6 +49,9 @@ kernel.dmesg_restrict = 1
 fs.protected_symlinks = 1
 fs.protected_hardlinks = 1
 
+# Turn on BPF JIT hardening, if the JIT is enabled.
+net.core.bpf_jit_harden = 2
+
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000