diff --git a/roles/exit/files/sysctl.conf b/roles/exit/files/sysctl.conf
new file mode 100644
index 0000000..6ae2534
--- /dev/null
+++ b/roles/exit/files/sysctl.conf
@@ -0,0 +1,2 @@
+# enable directed broadcasts for WoL, must also be enabled on input interfaces to take effect
+net.ipv4.conf.all.bc_forwarding = 1
diff --git a/roles/exit/tasks/main.yml b/roles/exit/tasks/main.yml
index ed3bc53..7188da3 100644
--- a/roles/exit/tasks/main.yml
+++ b/roles/exit/tasks/main.yml
@@ -1,3 +1,8 @@
+- name: Set up sysctls
+  copy:
+    dest: /etc/sysctl.d/local-exit.conf
+    src: sysctl.conf
+
 - name: Set up networks
   template:
     dest: /etc/network/interfaces.d/networks.intf
diff --git a/roles/fabric/templates/switch.intf.j2 b/roles/fabric/templates/switch.intf.j2
index 8488fd6..6ef770a 100644
--- a/roles/fabric/templates/switch.intf.j2
+++ b/roles/fabric/templates/switch.intf.j2
@@ -47,6 +47,10 @@ iface {{ iface.name }}
 {% set fhrp_assignment = fhrp_assignments | selectattr('interface.id', '==', iface.id) | first %}
 {% set fhrp_group = fhrp_groups | selectattr('id', '==', fhrp_assignment.group.id) | first %}
     address-virtual 00:00:5e:00:01:01 {{ fhrp_group.ip_addresses | sort(attribute='family.value') | map(attribute='address') | join(' ') }}
+{% if iface.name in ifaces_directed_broadcast|default([]) %}
+{# Enable directed broadcast forwarding from this interface for WoL. #}
+    post-up echo 1 > /proc/sys/net/ipv4/conf/{{ iface.name | replace('.', '-') }}-v0/bc_forwarding
+{% endif %}
 {% endif %}
 
 {% endfor %}