 
    
An eBPF-based packet filtering framework.
bpfilter transforms how you control network traffic by leveraging the power of eBPF technology. This framework elegantly translates filtering rules into optimized BPF programs, bringing unparalleled performance and flexibility to your packet filtering needs.
Key features • Quick start • Documentation
     
    
- High performance: utilizes eBPF's near-native performance capabilities
- Flexible integration: use the custom iptablesintegration or bpfilter'sbfclicommand line for extended functionalities
- Low overhead: minimal resource consumption with maximized efficiency
- Developer-friendly: clean architecture with clear separation of components
bpfilter combines three components: a CLI that allows users to define filtering rules in human-readable text, a daemon that converts these rules into efficient BPF programs, and a library that facilitates seamless communication between applications and the filtering subsystem.
Want to know more about bpfilter? Check the user's guide, the developer documentation, our contributing guide, or watch our latest public talk!
bpfilter is packaged for Fedora 40+, EPEL 9+ and supports Fedora 40+, CentOS Stream 9+, and Ubuntu 24.04+. The examples below uses Fedora 41.
# Fedora 40+ or CentOS Stream 9+ (with EPEL)
sudo dnf install -y bpfilter bpfilter-devel# Essential build requirements
sudo dnf install -y clang cmake gcc libbpf-devel libnl3-devel bison flex sed xxd
# Configure the project and build bpfilter
cmake -S $SOURCES_DIR -B $BUILD_DIR -DNO_DOCS=ON -DNO_TESTS=ON -DNO_CHECKS=ON -DNO_BENCHMARKS=ON
make -C $BUILD_DIR# Start the daemon
sudo $BUILD_DIR/output/sbin/bpfilter
# Count the number of ping coming to interface #2
sudo $BUILD_DIR/output/sbin/bfcli ruleset set --from-str "chain my_chain BF_HOOK_XDP{ifindex=2} ACCEPT rule ip4.proto icmp counter ACCEPT"The complete documentation is available on bpfilter.io.
bpfilter is licensed under GPLv2. You can find the licensing details in the COPYING file.
bpfilter was initially designed by Alexei Starovoitov with help from David S. Miller and Daniel Borkmann as a Linux kernel usermode helper, and later improved by Dmitrii Banshchikov.