diff --git a/APP_PROFILER/entrypoint.sh b/APP_PROFILER/entrypoint.sh index 48b4b54..1473004 100644 --- a/APP_PROFILER/entrypoint.sh +++ b/APP_PROFILER/entrypoint.sh @@ -7,23 +7,20 @@ if [ ! -c /dev/net/tun ]; then chmod 600 /dev/net/tun fi -# Enable IP forwarding -sysctl -w net.ipv4.ip_forward=1 || true - +# Enable IP forwarding (moved to docker-compose.yml sysctls) +# sysctl -w net.ipv4.ip_forward=1 || true # NAT MASQUERADE iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # MSS Clamping (Path MTU Tuning) -# Works for both directions in one rule on the FORWARD chain iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - -# Start OpenRC (needed for rc-service if we use it, but better to start openvpn directly or via rc) -# Since we are in Alpine, we can try to start the service if configured, -# but Container 4 main.py might expect rc-service to work. -openrc default +# Minimal OpenRC initialization to allow rc-service to work in Alpine +mkdir -p /run/openrc +touch /run/openrc/softlevel # Start the APP_PROFILER API + # We use 0.0.0.0 to be reachable from other containers python main.py diff --git a/docker-compose.yml b/docker-compose.yml index 7521895..8d6fe2a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,7 +59,10 @@ services: container_name: ovp-profiler cap_add: - NET_ADMIN + sysctls: + - net.ipv4.ip_forward=1 devices: + - "/dev/net/tun:/dev/net/tun" ports: - "8000:8000"
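Review bot: Nothing in the script now confirms that forwarding is on before the MASQUERADE rule is installed and `python main.py` starts, so a container launched without the compose `sysctls` entry (plain `docker run`, another orchestrator) comes up looking healthy while routing nothing. A fail-fast check in place of the commented-out line would make that visible: `[ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || { echo "net.ipv4.ip_forward is not enabled" >&2; exit 1; }`. The dead `# sysctl -w ...` line can then be removed, keeping only the comment that points to docker-compose.yml. Separately, `mkdir -p /run/openrc` and `touch /run/openrc/softlevel` appear to mark OpenRC as booted without running the default runlevel, so a comment such as `# no runlevel is started here; services must be started explicitly with rc-service` would help. The script begins above this hunk, so whether `set -e` covers the two new commands cannot be seen here.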
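Review bot: The new `devices` entry maps /dev/net/tun with Docker's default cgroup permissions (`rwm`), which include mknod. The container only needs to open the device, so `- "/dev/net/tun:/dev/net/tun:rw"` is the tighter form next to `NET_ADMIN`. With the device mapped, the `if [ ! -c /dev/net/tun ]` fallback in entrypoint.sh should no longer trigger; that is worth confirming before relying on it. A comment above `sysctls:` such as `# scoped to this container's network namespace; needed by the NAT rules in entrypoint.sh` would record why forwarding is enabled here. The service definition starts and continues outside the hunk.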