diff --git a/deploy/clusterlink-agent.yaml b/deploy/clusterlink-agent.yaml
index a56b6b00f..cde3bb24e 100644
--- a/deploy/clusterlink-agent.yaml
+++ b/deploy/clusterlink-agent.yaml
@@ -46,6 +46,12 @@ spec:
           - mountPath: /etc/clusterlink/kubeconfig
             name: proxy-config
             readOnly: true
+          - mountPath: /run/xtables.lock
+            name: iptableslock
+            readOnly: false
+          - mountPath: /lib/modules
+            name: lib-modules
+            readOnly: true
       terminationGracePeriodSeconds: 30
       securityContext:
         privileged: true
@@ -55,3 +61,12 @@ spec:
         configMap:
           defaultMode: 420
           name: proxy-config
+      - hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+        name: iptableslock
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
+
+      
diff --git a/pkg/operator/clusterlink/agent/manifests.go b/pkg/operator/clusterlink/agent/manifests.go
index d8545423c..fdac753e0 100644
--- a/pkg/operator/clusterlink/agent/manifests.go
+++ b/pkg/operator/clusterlink/agent/manifests.go
@@ -56,13 +56,25 @@ spec:
         - mountPath: /etc/clusterlink
           name: proxy-config
           readOnly: true
+        - mountPath: /run/xtables.lock
+          name: iptableslock
+          readOnly: false
+        - mountPath: /lib/modules
+          name: lib-modules
+          readOnly: true
       terminationGracePeriodSeconds: 30
       hostNetwork: true
       volumes:
       - name: proxy-config
         secret:
           secretName: {{ .ProxyConfigMapName }}
-
+      - hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+        name: iptableslock
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
 `
 
 // DaemonSetReplace is a struct to help to concrete