All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Netfence: An Envoy xDS-like Control Plane for eBPF Network Filter Management

By

dangoodmanUT

4mo ago· 5 min readenCode
Bagel score 97 of 100
97/100
Golden Brown
Bagelometer

Slow-proofed and worth the wait. Worth its weight in flour.

Score97TypenewsSentimentneutral

Summary

Netfence is an open-source project that functions similarly to Envoy's xDS (Discovery Service) but for eBPF (extended Berkeley Packet Filter) filters. It runs as a daemon on VM/container hosts, automatically injecting eBPF filter programs into cgroups and network interfaces. The system includes a built-in DNS server that resolves allowed domains and populates IP allowlists. Netfence daemons connect to a central control plane via gRPC to synchronize allowlists/denylists with backend systems, allowing administrators to push network rules like ALLOW *.pypi.org or ALLOW 10.0.0.0/16 to attached interfaces/cgroups.

Key quotes

· 4 pulled
Netfence runs as a daemon on your VM/container hosts and automatically injects eBPF filter programs into cgroups and network interfaces
Netfence daemons connect to a central control plane that you implement via gRPC to synchronize allowlists/denylists with your backend
Your control plane pushes network rules like ALLOW *.pypi.org or ALLOW 10.0.0.0/16 to attached interfaces/cgroups
Like Envoy xDS, but for eBPF filters
Snippet from the RSS feed
Like Envoy xDS, but for eBPF filters. Contribute to danthegoodman1/netfence development by creating an account on GitHub.

You might also wanna read

Comparing AI Agent Frameworks: Hermes Agent, AutoGPT, OpenAI Agents, and CrewAI in 2026

A practical, engineering-focused comparison of major AI agent frameworks in 2026, including Hermes Agent, AutoGPT, OpenAI Agents, and CrewAI

cstu.io·22h ago

openrsync: A BSD-Licensed Implementation of rsync for OpenBSD and Unix Systems

This article describes openrsync, a BSD (ISC) licensed implementation of the rsync file synchronization tool. It has been merged into OpenBS

github.com·1d ago

openrsync: A BSD-Licensed Implementation of rsync for OpenBSD and Unix Systems

This article describes openrsync, a BSD (ISC) licensed implementation of the rsync file synchronization tool. It has been merged into OpenBS

github.com·1d ago

StepFun Releases Step 3.5 Flash: 196B Sparse MoE Model for OpenClaw Agents

StepFun has released Step 3.5 Flash, a 196B sparse Mixture of Experts (MoE) model that activates only 11B parameters per token for high effi

Product Hunt·2d ago

LibreOffice Board Outlines Web and Mobile Strategy While Maintaining Desktop Focus

The Document Foundation (TDF) held meetings in April and May 2024 to discuss the future strategy for LibreOffice across desktop, mobile, and

blog.documentfoundation.org·4d ago

RuView: Open-source WiFi sensing platform for through-wall presence detection and vital sign monitoring

RuView is an open-source WiFi sensing platform that uses commodity WiFi signals to detect people, monitor vital signs (breathing and heart r

github.com·12d ago