In case of some sysctl parameters yes; net.* is namespaced, so net.ipv4.ip_forward can be enabled per Pod (per container).

Follow the Using Sysctls in a Kubernetes Cluster guide for details and gotchas.

Longer answer

While net is namespaced, not all sysctl variables can be set in namespace. Some simply await for a "namespacify" patch, but others will possibly never get implemented. In the specific example of net.ipv4 one could browse include/net/netns/ipv4.h to see what is supported at the moment. Such support of course depends on the actual kernel version.

In case you wanted to "empirically" verify whether sysctl (the actual kernel facility, not the tool) supports a particular variable, you could do something like this (as root):

# cat /proc/sys/net/ipv4/ip_forward
1
# unshare --net sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0
# cat /proc/sys/net/ipv4/ip_forward
1

As you can see sysctl (the tool) running in a new namespace could set net.ipv4.ip_forward=0; also that it did not affect the parent namespace.

An example of a variable that can't be set in a namespace (no support for it at the moment):

# cat /proc/sys/net/ipv4/icmp_msgs_burst
50
# unshare --net sysctl -w net.ipv4.icmp_msgs_burst=42
sysctl: cannot stat /proc/sys/net/ipv4/icmp_msgs_burst: No such file or directory

An example of a variable that is not namespaced would be vm.nr_hugepages. This variable exists in namespaces, but the vm subsystem itself is not namespaced (setting this variable will affect all processes):

# sysctl vm.nr_hugepages
vm.nr_hugepages = 0
# unshare sysctl vm.nr_hugepages=1
vm.nr_hugepages = 1
# sysctl vm.nr_hugepages
vm.nr_hugepages = 1