Explicit Allow-Listing for ICMP
- Mentors: Chris Tarazi, Paul Chaignon
- Organization: Cilium
Cilium is networking software that uses eBPF to provide secure network connectivity and load balancing between applications. Cilium is also a CNI plugin for Kubernetes. It manages network access control through network policy functions called “CiliumNetworkPolicy” (CNP): users allow or deny specific traffic by applying a CNP. Currently, however, when an L4 CNP is present, any traffic other than TCP/UDP is denied, and that includes ICMP. There is no way for the user to explicitly allow ICMP traffic. Therefore, I propose to implement a CNP for explicitly allowing ICMP traffic.