diff --git a/packages/rke2-flannel/generated-changes/patch/Chart.yaml.patch b/packages/rke2-flannel/generated-changes/patch/Chart.yaml.patch index b50086a14..60e1cd2dd 100644 --- a/packages/rke2-flannel/generated-changes/patch/Chart.yaml.patch +++ b/packages/rke2-flannel/generated-changes/patch/Chart.yaml.patch @@ -9,4 +9,4 @@ sources: -- https://github.com/flannel-io/flannel +- https://github.com/rancher/rke2-charts - version: v0.25.4 + version: v0.25.5 diff --git a/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch b/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch index 04c624a92..071cf2d64 100644 --- a/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch +++ b/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch @@ -17,4 +17,4 @@ + "IPv6Network": {{ .Values.global.clusterCIDRv6 | quote }}, "EnableIPv6": true, {{- end }} - "Backend": { + {{- if .Values.flannel.enableNFTables }} diff --git a/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch b/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch index d325e2514..1ac35c03f 100644 --- a/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch +++ b/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch 
@@ -42,7 +42,40 @@ capabilities: add: ["NET_ADMIN", "NET_RAW"] env: -@@ -98,6 +92,7 @@ +@@ -91,39 +85,14 @@ + mountPath: /etc/kube-flannel/ + - name: xtables-lock + mountPath: /run/xtables.lock +-{{- if .Values.netpol.enabled }} +- - name: kube-network-policies +- image: {{ .Values.netpol.image.repository }}:{{ .Values.netpol.image.tag }} +- command: +- - "/bin/netpol" +- {{- range .Values.netpol.args }} +- - {{ . | quote }} +- {{- end }} +- volumeMounts: +- - name: lib-modules +- mountPath: /lib/modules +- readOnly: true +- resources: +- requests: +- cpu: "100m" +- memory: "50Mi" +- securityContext: +- privileged: true +- capabilities: +- add: ["NET_ADMIN"] +-{{- end }} + volumes: +-{{- if .Values.netpol.enabled }} +- - name: lib-modules +- hostPath: +- path: /lib/modules +-{{- end }} + - name: run + hostPath: + path: /run/flannel - name: cni-plugin hostPath: path: /opt/cni/bin diff --git a/packages/rke2-flannel/generated-changes/patch/templates/rbac.yaml.patch b/packages/rke2-flannel/generated-changes/patch/templates/rbac.yaml.patch new file mode 100644 index 000000000..adb31fbc5 --- /dev/null +++ b/packages/rke2-flannel/generated-changes/patch/templates/rbac.yaml.patch @@ -0,0 +1,26 @@ +--- charts-original/templates/rbac.yaml ++++ charts/templates/rbac.yaml +@@ -19,23 +19,6 @@ + - nodes/status + verbs: + - patch +-{{- if .Values.netpol.enabled }} +-- apiGroups: +- - "networking.k8s.io" +- resources: +- - networkpolicies +- verbs: +- - list +- - watch +-- apiGroups: +- - "policy.networking.k8s.io" +- resources: +- - adminnetworkpolicies +- - baselineadminnetworkpolicies +- verbs: +- - list +- - watch +-{{- end }} + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 diff --git a/packages/rke2-flannel/generated-changes/patch/values.yaml.patch b/packages/rke2-flannel/generated-changes/patch/values.yaml.patch index 6c49b7466..62af15898 100644 --- a/packages/rke2-flannel/generated-changes/patch/values.yaml.patch 
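Review bot: Nothing in this change tells an operator that `netpol.enabled` no longer has any effect once the daemonset.yaml.patch hunk strips the upstream `kube-network-policies` container and its `lib-modules` volume. The rbac.yaml.patch and values.yaml.patch hunks remove the matching ClusterRole rules and the `netpol:` defaults in the same way. A user who carries `netpol.enabled: true` over from the upstream chart would get a clean render and no NetworkPolicy enforcement from this chart. I would leave a comment in the overlay's values such as `# netpol: not supported here; the upstream kube-network-policies sidecar is removed from this chart`, or have a template fail when the value is set. Dropping the privileged sidecar and its list/watch rules is otherwise a reasonable least-privilege choice if policy enforcement is handled elsewhere, which cannot be confirmed from this diff.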
+++ b/packages/rke2-flannel/generated-changes/patch/values.yaml.patch @@ -15,18 +15,18 @@ # kube-flannel image image: - repository: docker.io/flannel/flannel -- tag: v0.25.4 +- tag: v0.25.5 + repository: rancher/hardened-flannel -+ tag: v0.25.4-build20240610 ++ tag: v0.25.5-build20240801 image_cni: - repository: docker.io/flannel/flannel-cni-plugin -- tag: v1.4.1-flannel1 +- tag: v1.5.1-flannel1 + repository: rancher/hardened-cni-plugins -+ tag: v1.4.1-build20240430 ++ tag: v1.5.1-build20240805 # flannel command arguments + enableNFTables: false, args: - - "--ip-masq" -@@ -25,14 +16,14 @@ +@@ -26,14 +17,14 @@ # Documentation at https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md backend: "vxlan" # Port used by the backend 0 means default value (VXLAN: 8472, Wireguard: 51821, UDP: 8285) @@ -43,7 +43,7 @@ # Enable VXLAN Group Based Policy (Default false) # GBP: false # Enable direct routes (default is false) -@@ -54,7 +45,18 @@ +@@ -55,16 +46,18 @@ # General daemonset configs # tolerations: @@ -61,7 +61,15 @@ + - key: "node-role.kubernetes.io/etcd" + operator: "Exists" + effect: "NoExecute" -+ + +-netpol: +- enabled: false +- args: +- - "--hostname-override=$(MY_NODE_NAME)" +- - "--v=2" +- image: +- repository: registry.k8s.io/networking/kube-network-policies +- tag: v0.4.0 +global: + systemDefaultRegistry: "" + clusterCIDRv4: "" diff --git a/packages/rke2-flannel/package.yaml b/packages/rke2-flannel/package.yaml index 16c1dc9a9..28cc8c432 100644 --- a/packages/rke2-flannel/package.yaml +++ b/packages/rke2-flannel/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/flannel-io/flannel/releases/download/v0.25.4/flannel.tgz +url: https://github.com/flannel-io/flannel/releases/download/v0.25.5/flannel.tgz packageVersion: 00
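Review bot: The default `enableNFTables: false,` in the first values.yaml.patch hunk ends with a comma, so YAML reads it as the non-empty string `false,` rather than the boolean. The config.yaml.patch context line `{{- if .Values.flannel.enableNFTables }}` treats any non-empty string as true, so the nftables branch would render by default, assuming the key sits under `flannel:` as that template expects. The line looks like upstream context rather than an overlay addition, so the overlay would need to carry the correction itself: `enableNFTables: false`. It is worth rendering the chart with default values and checking the generated net-conf, since an unintended switch of packet-filter backend changes how masquerade and forwarding rules are programmed on every node.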