[CRIU] Network locking with bpf instead of iptables-restore

[Adrian Reber]

I am just curious if this has already been discussed. Instead of running
iptables-restore to lock and unlock the network, would creating a bpf
based network lock and unlock be possible?

Something like systemd does here:

https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c

Wouldn't it be possible to lose the dependency on iptables-restore if we
could directly add firewall rules using bpf?

		Adrian