diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index 4a5d44d..71b6c81 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -13,6 +13,7 @@ container_iface: "eth0"
 # set use_calico to true to use tigera operator/calico instead of the default CNI flannel
 # install reference: https://docs.tigera.io/calico/latest/getting-started/kubernetes/k3s/multi-node-install#install-calico
 use_calico: false
+calico_ebpf: false # use eBPF dataplane instead of iptables https://docs.tigera.io/calico/latest/operations/ebpf
 calico_cidr: "10.52.0.0/16" # pod cidr pool
 calico_tag: "v3.27.0" # calico version tag
diff --git a/roles/k3s_server_post/tasks/calico.yml b/roles/k3s_server_post/tasks/calico.yml
index 36ac1dd..7be5a00 100644
--- a/roles/k3s_server_post/tasks/calico.yml
+++ b/roles/k3s_server_post/tasks/calico.yml
@@ -95,5 +95,17 @@
 - { name: calico-apiserver, type: deployment, selector: 'k8s-app=calico-apiserver', namespace: calico-apiserver }
 loop_control:
 label: "{{ item.type }}/{{ item.name }}"
+
+ - name: Patch Felix configuration for eBPF mode
+ ansible.builtin.command:
+ cmd: >
+ kubectl patch felixconfiguration default
+ --type='merge'
+ --patch='{"spec": {"bpfKubeProxyIptablesCleanupEnabled": false}}'
+ register: patch_result
+ changed_when: "'felixconfiguration.projectcalico.org/default patched' in patch_result.stdout"
+ failed_when: "'Error' in patch_result.stderr"
+ when: calico_ebpf == true
+
 when: ansible_hostname == hostvars[groups[group_name_master | default('master')][0]]['ansible_hostname']
 run_once: true # stops "skipped" log spam
diff --git a/roles/k3s_server_post/templates/calico.crs.j2 b/roles/k3s_server_post/templates/calico.crs.j2
index d88b2c6..82177ec 100644
--- a/roles/k3s_server_post/templates/calico.crs.j2
+++ b/roles/k3s_server_post/templates/calico.crs.j2
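Review bot: In the new `Patch Felix configuration for eBPF mode` task of roles/k3s_server_post/tasks/calico.yml, `failed_when: "'Error' in patch_result.stderr"` replaces the default return-code check, so a kubectl failure whose message lacks the capitalised word `Error` (kubectl also reports failures as lowercase `error: ...`) is recorded as success and the play continues without the Felix setting applied. Prefer `failed_when: patch_result.rc != 0`, or drop the line and keep the module default. The `changed_when` substring most likely also matches kubectl's `patched (no change)` output, so the task would report a change on every run; appending `and '(no change)' not in patch_result.stdout` would keep it idempotent. The enclosing block starts above the hunk.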
@@ -16,6 +16,7 @@ spec:
 nodeSelector: {{ calico_nodeSelector if calico_nodeSelector is defined else 'all()' }}
 nodeAddressAutodetectionV4:
 interface: {{ container_iface if container_iface is defined else 'eth0' }}
+ linuxDataplane: {{ 'BPF' if calico_ebpf else 'Iptables' }}
 ---
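Review bot: `{{ 'BPF' if calico_ebpf else 'Iptables' }}` tests the raw variable, unlike the two lines above it, which guard with `is defined`. An inventory written before this change has no `calico_ebpf`, so templating would most likely fail on the undefined name, and a value passed as a string (for example `-e calico_ebpf=false`) is truthy and renders `BPF`. `linuxDataplane: {{ 'BPF' if calico_ebpf | default(false) | bool else 'Iptables' }}` handles both cases. The task condition `when: calico_ebpf == true` in roles/k3s_server_post/tasks/calico.yml has the mirror problem: a string value never equals `true`, so the dataplane can be switched to BPF while the Felix patch is skipped. `when: calico_ebpf | default(false) | bool` keeps the two in step.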