
The ability to declaratively describe the rules for the network stack #5

@masterbpro

Description

Which section is this feature request for?

Functionality

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

Currently, configuring network rules (filtering, NAT, routing) in Linux using eBPF requires writing low-level eBPF programs manually. This process is time-consuming and error-prone, especially for complex configurations. A YAML-based configuration system would simplify this process and make it more accessible.

Describe the solution you'd like

I would like a program that:

  • Reads a YAML config file describing network rules (e.g., filtering).
  • Generates eBPF programs based on the YAML config.
  • Loads the eBPF programs into the Linux kernel.

YAML config structure example:

network:
  interfaces:
    - name: eth0
      rules:
        - action: allow
          protocol: tcp
          src_ip: 192.168.0.0/24
          dst_port: 22
          comment: "Allow SSH"
        - action: allow
          protocol: icmp
          src_ip: 0.0.0.0/0
          comment: "Allow ICMP (ping)"
        - action: allow
          protocol: tcp
          src_ip: 0.0.0.0/0
          dst_port: 80
          comment: "Allow HTTP"
        - action: allow
          protocol: tcp
          src_ip: 0.0.0.0/0
          dst_port: 443
          comment: "Allow HTTPs"
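As an added example (not code from this issue or from the project), the following Python sketch covers the first two of the three steps listed above: the already-parsed config is validated rule by rule and then compiled into an XDP C program. Parsing the YAML text with PyYAML's `yaml.safe_load` is assumed, so the issue's example is embedded as the structure that call would return; the third step, loading the object into the kernel, is left to the usual tooling. The sketch goes beyond the issue in two places that a generator has to decide anyway: every field is checked before it reaches generated code (a prefix with host bits set, a `dst_port` on an ICMP rule, a `*/` inside a `comment` that would otherwise close the emitted C comment), and IPv4 traffic matched by no rule is dropped, since the example contains only `allow` rules and the default must be explicit. The rule order, the `filter_` function name and the `deny` action are assumptions of this example.

```python
"""Added example (not the project's code): validate the declarative rule config
from the issue and compile it into an XDP filter program.  Parsing the YAML
text with PyYAML's yaml.safe_load is assumed; CONFIG below is the issue's
example already loaded into Python so the script runs without that dependency."""
import ipaddress

# Constructed input: the issue's YAML example as yaml.safe_load would return it.
CONFIG = {"network": {"interfaces": [{"name": "eth0", "rules": [
    {"action": "allow", "protocol": "tcp", "src_ip": "192.168.0.0/24",
     "dst_port": 22, "comment": "Allow SSH"},
    {"action": "allow", "protocol": "icmp", "src_ip": "0.0.0.0/0",
     "comment": "Allow ICMP (ping)"},
    {"action": "allow", "protocol": "tcp", "src_ip": "0.0.0.0/0",
     "dst_port": 80, "comment": "Allow HTTP"},
    {"action": "allow", "protocol": "tcp", "src_ip": "0.0.0.0/0",
     "dst_port": 443, "comment": "Allow HTTPs"},
]}]}}

PROTO = {"tcp": 6, "udp": 17, "icmp": 1}          # IANA protocol numbers
ACTION = {"allow": "XDP_PASS", "deny": "XDP_DROP"}  # "deny" is an assumed extension


def validate_rule(rule):
    """Normalize one rule or raise ValueError; nothing unchecked reaches the C output."""
    if rule.get("action") not in ACTION:
        raise ValueError(f"unknown action {rule.get('action')!r}")
    if rule.get("protocol") not in PROTO:
        raise ValueError(f"unknown protocol {rule.get('protocol')!r}")
    # strict=True rejects prefixes with host bits set, e.g. 192.168.0.1/24
    net = ipaddress.ip_network(rule.get("src_ip", "0.0.0.0/0"), strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 prefixes are supported by this generator")
    port = rule.get("dst_port")
    if rule["protocol"] == "icmp" and port is not None:
        raise ValueError("icmp rules cannot carry dst_port")
    if port is not None and not 0 < int(port) <= 65535:
        raise ValueError(f"bad dst_port {port!r}")
    # a "*/" in the comment would terminate the generated C comment early
    comment = str(rule.get("comment", "")).replace("*/", "* /")
    return {"action": ACTION[rule["action"]], "proto": PROTO[rule["protocol"]],
            "net": net, "port": None if port is None else int(port), "comment": comment}


def rule_condition(r):
    """C test for one rule; address and port constants are compared in network byte order."""
    conds = [f"iph->protocol == {r['proto']}"]
    if r["net"].prefixlen:  # 0.0.0.0/0 matches every source, so no test is emitted
        mask, addr = int(r["net"].netmask), int(r["net"].network_address)
        conds.append(f"(iph->saddr & bpf_htonl({mask:#010x})) == bpf_htonl({addr:#010x})")
    if r["port"] is not None:
        conds.append(f"dport == bpf_htons({r['port']})")
    return " && ".join(conds)


TEMPLATE = """\
/* generated from the declarative config; do not edit by hand */
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <bpf/bpf_endian.h>
#include <bpf/bpf_helpers.h>

SEC("xdp")
int filter_{iface}(struct xdp_md *ctx)
{{
    void *data = (void *)(long)ctx->data, *end = (void *)(long)ctx->data_end;
    struct ethhdr *eth = data;
    if ((void *)(eth + 1) > end) return XDP_DROP;
    if (eth->h_proto != bpf_htons(ETH_P_IP)) return XDP_PASS; /* ARP etc.: config has no L2/IPv6 rules */
    struct iphdr *iph = (void *)(eth + 1);
    if ((void *)(iph + 1) > end || iph->ihl < 5) return XDP_DROP;
    __u16 dport = 0;
    if (iph->protocol == 6) {{
        struct tcphdr *th = (void *)iph + iph->ihl * 4;
        if ((void *)(th + 1) > end) return XDP_DROP;
        dport = th->dest;
    }} else if (iph->protocol == 17) {{
        struct udphdr *uh = (void *)iph + iph->ihl * 4;
        if ((void *)(uh + 1) > end) return XDP_DROP;
        dport = uh->dest;
    }}
{rules}
    return XDP_DROP; /* default deny: IPv4 traffic matched by no rule is dropped */
}}

char _license[] SEC("license") = "GPL";
"""


def compile_interface(config, name):
    """Return XDP C source for one interface; rules are evaluated in order, first match wins."""
    for iface in config["network"]["interfaces"]:
        if iface["name"] == name:
            rules = [validate_rule(r) for r in iface.get("rules", [])]
            body = "\n".join(f"    /* {r['comment']} */\n    if ({rule_condition(r)}) return {r['action']};"
                             for r in rules)
            ident = "".join(c if c.isalnum() else "_" for c in name)
            return TEMPLATE.format(iface=ident, rules=body)
    raise KeyError(f"no interface named {name!r} in config")


if __name__ == "__main__":
    print(compile_interface(CONFIG, "eth0"))
```

The printed source is what the third step would compile with clang (`-target bpf`) and attach with the usual tooling, for example `ip link set dev eth0 xdp obj filter.o sec xdp`. Two points worth settling early in such a design: the generated program passes non-IPv4 frames because the config cannot express ARP or IPv6 rules, which should be documented rather than implicit, and the default-deny at the end of the function means a config with zero rules isolates the interface, so a generator should probably refuse an empty rule list.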

Additional context

This feature would make eBPF-based network configuration more user-friendly and scalable, especially for DevOps and network engineers who prefer declarative configurations over writing low-level code. It would also integrate well with existing automation tools like Ansible or Terraform.

Labels

enhancement (New feature or request)
