diff --git a/float/roles/float-base/templates/sysctl.conf.j2 b/float/roles/float-base/templates/sysctl.conf.j2
index ac7fed2fc551f9e2a99d2e0abe45e93abc8fdbb6..c28c31ee34042151897ddd7646e4f7d73ae6617f 100644
--- a/float/roles/float-base/templates/sysctl.conf.j2
+++ b/float/roles/float-base/templates/sysctl.conf.j2
@@ -114,6 +114,7 @@ kernel.sysrq=0
 # (linux-hardened default)
 net.core.bpf_jit_harden=2
 kernel.unprivileged_bpf_disabled=1
+{% endif %}
 
 {% if not disable_restricted_sysctl %}
 # Disable unprivileged user namespaces