Comment by nevon

Cool! While in Kubernetes you have cilium that does basically the same thing, outside of Kubernetes I've been using explicit proxies to do this kind of thing, which requires applications to support http proxy. I could definitely see transitioning those workloads to using ebpf filters instead.

Any fundamental reason you can't allow/block individual ports, or just a design choice?