Hi,

I have been working on enabling eBPF XDP/TC kernel feature for IPFire,
please refer to
https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
for where XDP fit in Linux network datapath, XDP will not interfere
with existing IPFire firewall rules. XDP is especially good at DDoS
packet filtering at high speed, see
https://netdevconf.info/0x15/slides/30/Netdev%200x15%20Accelerating%20synproxy%20with%20XDP.pdf

I think we only need to enable XDP/TC network filtering capability
without eBPF tracing capability which some users are concerned about
potential host security information leaks.

Please let me know what you think, thanks!

Vincent