Add network policy filtering for user-v2 networking

  Implements egress traffic filtering with:
  - Protocol, port, IP/CIDR, and domain-based rules
  - DNS packet snooping for domain-to-IP tracking
  - ICMP support (ICMPv4/ICMPv6) - partial - awaiting gvisor fix
  - Policy validation with strict error checking
  - DNS tracker with 10k domain limit and TTL expiration

  Usage: limactl network create NAME --policy policy.yaml

Signed-off-by: Simon Kaegi <simon.kaegi@gmail.com>

Author: skaegi

cmd/limactl/network.go

@@ -10,6 +10,7 @@ import (
 	"maps"
 	"net"
 	"os"
+	"path/filepath"
 	"slices"
 	"strings"
 	"text/tabwriter"
@@ -18,12 +19,17 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/lima-vm/lima/v2/pkg/networks"
+	"github.com/lima-vm/lima/v2/pkg/networks/usernet"
+	"github.com/lima-vm/lima/v2/pkg/networks/usernet/filter"
 	"github.com/lima-vm/lima/v2/pkg/yqutil"
 )
 
 const networkCreateExample = `  Create a network:
   $ limactl network create foo --gateway 192.168.42.1/24
 
+  Create a network with policy filtering:
+  $ limactl network create secure --gateway 192.168.42.1/24 --policy ~/policy.yaml
+
   Connect VM instances to the newly created network:
   $ limactl create --network lima:foo --name vm1
   $ limactl create --network lima:foo --name vm2
@@ -144,6 +150,7 @@ func newNetworkCreateCommand() *cobra.Command {
 	flags.String("gateway", "", "gateway, e.g., \"192.168.42.1/24\"")
 	flags.String("interface", "", "interface for bridged mode")
 	_ = cmd.RegisterFlagCompletionFunc("interface", bashFlagCompleteNetworkInterfaceNames)
+	flags.String("policy", "", "path to policy file (YAML or JSON, user-v2 mode only)")
 	return cmd
 }
 
@@ -174,6 +181,38 @@ func networkCreateAction(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	policyPath, err := flags.GetString("policy")
+	if err != nil {
+		return err
+	}
+
+	// Handle policy file if provided
+	if policyPath != "" {
+		// Only user-v2 mode supports filtering
+		if mode != networks.ModeUserV2 {
+			logrus.Warnf("Policy filtering is only supported for mode 'user-v2', ignoring --policy flag")
+		} else {
+			// Load the policy to validate it
+			pol, err := filter.LoadPolicy(policyPath)
+			if err != nil {
+				return fmt.Errorf("failed to load policy: %w", err)
+			}
+
+			// Save as JSON in the network directory (~/.lima/_networks/<name>/policy.json)
+			policyJSONPath, err := usernet.PolicyFile(name)
+			if err != nil {
+				return fmt.Errorf("failed to get policy path: %w", err)
+			}
+			// Ensure network directory exists (follows usernet convention)
+			if err := os.MkdirAll(filepath.Dir(policyJSONPath), 0o755); err != nil {
+				return fmt.Errorf("failed to create network directory: %w", err)
+			}
+			if err := filter.SavePolicyJSON(pol, policyJSONPath); err != nil {
+				return fmt.Errorf("failed to save policy: %w", err)
+			}
+		}
+	}
+
 	switch mode {
 	case networks.ModeBridged:
 		if gateway != "" {

cmd/limactl/usernet.go

@@ -11,9 +11,11 @@ import (
 	"strconv"
 	"syscall"
 
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
 	"github.com/lima-vm/lima/v2/pkg/networks/usernet"
+	"github.com/lima-vm/lima/v2/pkg/networks/usernet/filter"
 )
 
 func newUsernetCommand() *cobra.Command {
@@ -31,6 +33,7 @@ func newUsernetCommand() *cobra.Command {
 	hostagentCommand.Flags().String("subnet", "192.168.5.0/24", "Sets subnet value for the usernet network")
 	hostagentCommand.Flags().Int("mtu", 1500, "mtu")
 	hostagentCommand.Flags().StringToString("leases", nil, "Pass default static leases for startup. Eg: '192.168.104.1=52:55:55:b3:bc:d9,192.168.104.2=5a:94:ef:e4:0c:df' ")
+	hostagentCommand.Flags().String("policy", "", "Path to policy JSON file")
 	return hostagentCommand
 }
 
@@ -75,6 +78,22 @@ func usernetAction(cmd *cobra.Command, _ []string) error {
 		return err
 	}
 
+	policyPath, err := cmd.Flags().GetString("policy")
+	if err != nil {
+		return err
+	}
+
+	// Parse the policy at the CLI boundary (fail fast on invalid policy)
+	var policy *filter.Policy
+	if policyPath != "" {
+		logrus.Debugf("Loading policy from: %s", policyPath)
+		policy, err = filter.LoadPolicy(policyPath)
+		if err != nil {
+			return fmt.Errorf("failed to load policy: %w", err)
+		}
+		logrus.Debugf("Loaded policy with %d rules", len(policy.Rules))
+	}
+
 	os.RemoveAll(endpoint)
 	os.RemoveAll(qemuSocket)
 	os.RemoveAll(fdSocket)
@@ -92,5 +111,6 @@ func usernetAction(cmd *cobra.Command, _ []string) error {
 		FdSocket:      fdSocket,
 		Subnet:        subnet,
 		DefaultLeases: leases,
+		Policy:        policy,
 	})
 }

pkg/networks/usernet/config.go

@@ -112,6 +112,16 @@ func Leases(name string) (string, error) {
 	return sockPath, nil
 }
 
+// PolicyFile returns the path to the policy JSON file for the given network name.
+// For usernet, this is stored in ~/.lima/_networks/<name>/policy.json (not VarRun).
+func PolicyFile(name string) (string, error) {
+	dir, err := dirnames.LimaNetworksDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(dir, name, "policy.json"), nil
+}
+
 func netmaskToCidr(baseIP, netMask net.IP) (net.IP, *net.IPNet, error) {
 	size, _ := net.IPMask(netMask.To4()).Size()
 	return net.ParseCIDR(fmt.Sprintf("%s/%d", baseIP.String(), size))

pkg/networks/usernet/filter/README.md

@@ -0,0 +1,133 @@
+# Network Policy Filtering
+
+This package implements egress (outbound) traffic filtering for Lima's user-v2 networking using gVisor's netstack.
+
+## Architecture
+
+### Components
+
+1. **Policy** (`policy.go`) - YAML/JSON policy parsing and validation
+2. **DNS Tracker** (`dns.go`) - Tracks domain-to-IP mappings from DNS queries
+3. **DNS Snooper** (`dnssnooper.go`) - Intercepts DNS responses to populate tracker
+4. **Rules** (`rules.go`) - Converts policy rules to gVisor iptables rules
+5. **Filter** (`filter.go`) - Main entry point, wraps VirtualNetwork with filtering
+
+### Flow
+
+```
+Policy File (YAML)
+    ↓
+LoadPolicy() → Policy struct
+    ↓
+virtualnetwork.New() → VirtualNetwork
+    ↓
+Filter(vn, policy) → FilteredVirtualNetwork
+    ↓
+BuildFilterTable() → gVisor iptables rules
+    ↓
+Packets evaluated by matchers:
+  - DNS Snooper (tracks DNS)
+  - Protocol Matcher (TCP/UDP/ICMP)
+  - Port Matcher (destination ports)
+  - IP Matcher (destination IPs/CIDRs)
+    ↓
+Allow or Drop
+```
+
+### DNS Tracking via Snooping
+
+Domain-based rules require knowing which IPs belong to which domains. We achieve this by:
+
+1. Installing a DNS snooper matcher as the first iptables rule
+2. The snooper inspects all UDP port 53 source traffic (DNS responses)
+3. Parses DNS wire format to extract domain→IP mappings and TTL
+4. Updates the tracker with TTL-based expiration
+5. Snooper always returns `false` (never matches), just has side effects
+
+This approach is:
+- **Lightweight**: No extra DNS proxy needed
+- **Automatic**: Works with any DNS server
+- **Accurate**: Uses actual DNS TTL for cache expiration
+
+### Filter Table Structure
+
+For each policy, we build both IPv4 and IPv6 filter tables with OUTPUT chain rules:
+
+```
+Rule 1: DNS Snooper (always returns false)
+Rule 2-N: Policy rules (sorted by priority)
+Rule N+1: Default DROP
+```
+
+### Matchers
+
+Custom matchers implement `stack.Matcher` interface:
+
+- **protocolMatcher**: Matches transport protocol (TCP/UDP/ICMP/ICMPv6)
+- **portMatcher**: Matches destination port or port range
+- **ipMatcher**: Matches destination IP against CIDR list
+- **dnsSnooper**: Parses DNS responses, never matches
+
+### Memory Management
+
+- DNS tracker limited to 10,000 domains (configurable via `MaxDNSRecords`)
+- Expired entries cleaned every 5 minutes
+- When at capacity, expired entries cleaned first, then oldest evicted
+- Uses `sync.RWMutex` for concurrent access
+
+## Usage
+
+### Basic Usage
+
+```go
+// Load policy
+policy, err := filter.LoadPolicy("/path/to/policy.yaml")
+
+// Create virtual network
+vn, err := virtualnetwork.New(config)
+
+// Apply filtering
+fvn, err := filter.Filter(vn, policy)
+
+// Use the underlying virtual network
+network := fvn.VirtualNetwork()
+```
+
+### Policy Format
+
+See `policy.yaml` for example or user documentation at:
+https://lima-vm.io/docs/config/network/policy/
+
+## Testing
+
+- `filter_test.go` - Integration tests with gVisor stack
+- `dnssnooper_test.go` - DNS parsing and snooping tests
+- All tests use real gVisor stack, not mocks
+
+Run tests:
+```bash
+go test ./pkg/networks/usernet/filter/...
+```
+
+## Limitations
+
+1. **DNS only**: Domain tracking only works with standard DNS (UDP port 53)
+   - DoH (DNS over HTTPS) not supported
+   - DoT (DNS over TLS) not supported
+
+2. **Egress only**: Only outbound traffic is filtered
+   - Ingress filtering not implemented
+
+3. **ICMP support is incomplete**: no ICMP forwarder 
+   - See https://github.com/containers/gvisor-tap-vsock/issues/428
+
+4. **Policy immutable**: Policy cannot be updated after Filter() is called
+   - Requires network restart to apply new policy, by design
+`
+
+## Future Enhancements
+
+- [ ] Audit logging
+- [ ] Ingress filtering
+- [ ] ICMP Forwarder
+