diff --git a/roles/prepare/files/sctp.conf b/roles/prepare/files/sctp.conf
new file mode 100644
index 0000000..da8a137
--- /dev/null
+++ b/roles/prepare/files/sctp.conf
@@ -0,0 +1,2 @@
+# put sctp into blacklist
+install sctp /bin/true
diff --git a/roles/prepare/tasks/common.yml b/roles/prepare/tasks/common.yml
index 51c40fa..108e4c8 100644
--- a/roles/prepare/tasks/common.yml
+++ b/roles/prepare/tasks/common.yml
@@ -39,3 +39,6 @@
 
 - name: 设置系统 ulimits
   template: src=30-k8s-ulimits.conf.j2 dest=/etc/security/limits.d/30-k8s-ulimits.conf
+
+- name: 把SCTP列入内核模块黑名单
+  copy: src=sctp.conf dest=/etc/modprobe.d/sctp.conf