diff --git a/infra/lxd/cluster.tf b/infra/lxd/cluster.tf
index c02f1bb4..beaf2634 100644
--- a/infra/lxd/cluster.tf
+++ b/infra/lxd/cluster.tf
@@ -6,7 +6,7 @@ resource "lxd_profile" "kubenode" {
 "limits.memory.swap" = false
 "security.privileged" = true
 "security.nesting" = true
- "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
+ "linux.kernel_modules" = "ip_tables,ip6_tables,netlink_diag,nf_nat,overlay,br_netfilter"
 "raw.lxc" = <<-EOT
 lxc.apparmor.profile=unconfined
 lxc.cap.drop=
@@ -31,6 +31,17 @@ resource "lxd_profile" "kubenode" {
 EOT
 }
 
+ # echo "262144" > /sys/module/nf_conntrack/parameters/hashsize
+ device {
+ type = "disk"
+ name = "hashsize"
+
+ properties = {
+ source = "/sys/module/nf_conntrack/parameters/hashsize"
+ path = "/sys/module/nf_conntrack/parameters/hashsize"
+ }
+ }
+
 device {
 type = "unix-char"
 name = "kmsg"
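Review bot: The `linux.kernel_modules` line gains `netlink_diag` with no comment saying which component on the node needs it. Modules listed in this key are loaded into the host kernel, and the surrounding profile is privileged with `lxc.apparmor.profile=unconfined` and an empty `lxc.cap.drop=`, so every extra module is host kernel surface reachable from the container. A one-line comment above the entry, for example `# netlink_diag: needed by <component> for socket diagnostics`, would let a later reviewer judge whether it can be dropped again. The `resource "lxd_profile" "kubenode"` block starts and ends outside this hunk.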
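Review bot: The new `hashsize` disk device passes the host's `/sys/module/nf_conntrack/parameters/hashsize` into a container that the same profile marks `security.privileged = true` with AppArmor unconfined, so root inside the node can most likely resize the conntrack hash table for the whole host, not just for itself. If the value is meant to be set once on the host, as the `# echo "262144" > …` comment seems to suggest, add `readonly = true` to `properties` so the node can read the parameter but not change it. If the node's software does have to write it, the comment should say so and name the component, because that makes this device a deliberate host-wide write path. The comment as written does not say who runs the echo or where; something like `# Host prerequisite: set nf_conntrack hashsize to 262144 before starting nodes` would make that explicit. The source path exists only once `nf_conntrack` is loaded on the host, and that module is not named in `linux.kernel_modules`, so it is worth confirming it is always present when the profile is applied.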