diff --git a/modules.go b/modules.go
index 3f9f97a..74e7770 100644
--- a/modules.go
+++ b/modules.go
@@ -2398,14 +2398,16 @@ func (e *Executor) moduleSysctl(ctx context.Context, client sshExecutorClient, a
 	value := getStringArg(args, "value", "")
 	state := getStringArg(args, "state", "present")
 	reload := getBoolArg(args, "reload", false)
+	sysctlFile := getStringArg(args, "sysctl_file", "/etc/sysctl.conf")
+	escapedName := regexp.QuoteMeta(name)
 
 	if name == "" {
 		return nil, coreerr.E("Executor.moduleSysctl", "name required", nil)
 	}
 
 	if state == "absent" {
-		// Remove from sysctl.conf
-		cmd := sprintf("sed -i '/%s/d' /etc/sysctl.conf", name)
+		// Remove from the configured sysctl file.
+		cmd := sprintf("sed -i '/%s/d' %q", escapedName, sysctlFile)
 		stdout, stderr, rc, err := client.Run(ctx, cmd)
 		if err != nil || rc != 0 {
 			return &TaskResult{Failed: true, Msg: stderr, Stdout: stdout, RC: rc}, nil
@@ -2429,8 +2431,8 @@ func (e *Executor) moduleSysctl(ctx context.Context, client sshExecutorClient, a
 
 	// Persist if requested (best-effort)
 	if getBoolArg(args, "sysctl_set", true) {
-		cmd = sprintf("grep -q '^%s' /etc/sysctl.conf && sed -i 's/^%s.*/%s=%s/' /etc/sysctl.conf || echo '%s=%s' >> /etc/sysctl.conf",
-			name, name, name, value, name, value)
+		cmd = sprintf("grep -q '^%s' %q && sed -i 's/^%s.*/%s=%s/' %q || echo '%s=%s' >> %q",
+			escapedName, sysctlFile, escapedName, name, value, sysctlFile, name, value, sysctlFile)
 		stdout, stderr, rc, err := client.Run(ctx, cmd)
 		if err != nil || rc != 0 {
 			return &TaskResult{Failed: true, Msg: stderr, Stdout: stdout, RC: rc}, nil
diff --git a/modules_adv_test.go b/modules_adv_test.go
index a54ea46..75bb1a0 100644
--- a/modules_adv_test.go
+++ b/modules_adv_test.go
@@ -1245,6 +1245,22 @@ func TestModulesAdv_ModuleSysctl_Good_ReloadsAfterPersisting(t *testing.T) {
 	assert.True(t, mock.hasExecuted(`sysctl -p`))
 }
 
+func TestModulesAdv_ModuleSysctl_Good_UsesCustomSysctlFile(t *testing.T) {
+	e, mock := newTestExecutorWithMock("host1")
+	mock.expectCommand(`sed -i '/net\\.ipv4\\.ip_forward/d' .*custom\.conf`, "", "", 0)
+
+	result, err := e.moduleSysctl(context.Background(), mock, map[string]any{
+		"name":        "net.ipv4.ip_forward",
+		"state":       "absent",
+		"sysctl_file": "/etc/sysctl.d/custom.conf",
+	})
+
+	require.NoError(t, err)
+	assert.True(t, result.Changed)
+	assert.False(t, result.Failed)
+	assert.True(t, mock.hasExecuted(`sed -i '/net\\.ipv4\\.ip_forward/d' .*custom\.conf`))
+}
+
 // --- uri module ---
 
 func TestModulesAdv_ModuleURI_Good_GetRequestDefault(t *testing.T) {