diff --git a/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml b/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
index 83c3e7805..e9c177a7b 100644
--- a/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
+++ b/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
@@ -33,6 +33,7 @@
 
       # activate ip_forwarding
       echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
-      iptables -A FORWARD -i REPLACEMENT_VM_INFRA_INTF -j ACCEPT
-      iptables -t nat -A POSTROUTING -s REPLACEMENT_VM_SUBNET_CIDR -o REPLACEMENT_MGMT_INTF -j MASQUERADE
+      # Uncomment the below two lines when SIP creates VMs on control plane nodes.
+      #iptables -A FORWARD -i REPLACEMENT_VM_INFRA_INTF -j ACCEPT
+      #iptables -t nat -A POSTROUTING -s REPLACEMENT_VM_SUBNET_CIDR -o REPLACEMENT_MGMT_INTF -j MASQUERADE
       exit 0