In a recent blog post, Alban Crequy and Mauricio Vásquez benchmarked egress filtering solutions in the Linux kernel and compared iptables, ipsets, and BPF at the tc hook. That is exciting, not only because egress benchmarks are missing with everyone focusing on ingress (e.g., XDP), but also because they: included short CPU traces, allowing us to understand what is happening. provided the code and ran it on Packet machines, allowing anyone to easily reproduce results.