We ran some performance benchmarks applying network policy to Kubernetes pods. We found that latency was (nearly) independent of the number of iptables rules applied. This is because once the session is set up, connection tracking lets subsequent packets be forwarded right away.
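
The effect described above, as an added example that is not part of the original text: a simplified Python model of a linearly evaluated chain whose first rule accepts flows already in the connection-tracking table. The `Packet` and `Chain` classes, the rule layout and the addresses are constructed assumptions, not the rule set of any particular network policy implementation.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

    def flow(self):
        # Key under which the connection-tracking table remembers the session.
        return (self.src, self.dst, self.dport, self.proto)


@dataclass
class Chain:
    policy_rules: list                      # (src, dst, dport) tuples that ACCEPT
    conntrack: set = field(default_factory=set)

    def process(self, pkt):
        """Return (verdict, rules_evaluated) for one packet."""
        evaluated = 1                       # rule 1: accept ESTABLISHED flows
        if pkt.flow() in self.conntrack:
            return "ACCEPT", evaluated
        for rule in self.policy_rules:      # linear walk, as in an iptables chain
            evaluated += 1
            if rule == (pkt.src, pkt.dst, pkt.dport):
                self.conntrack.add(pkt.flow())   # session is now set up
                return "ACCEPT", evaluated
        return "DROP", evaluated            # denied flows are never tracked


def build_chain(n_rules):
    # Constructed sample: n_rules - 1 non-matching rules, matching rule last
    # (worst case for the first packet of the allowed flow).
    rules = [(f"10.0.{i // 250}.{i % 250 + 1}", "10.1.0.10", 8080)
             for i in range(n_rules - 1)]
    rules.append(("10.9.9.9", "10.1.0.10", 8080))
    return Chain(rules)


def rules_walked(n_rules, n_packets=5, src="10.9.9.9"):
    """Rules evaluated for each of n_packets packets of one flow."""
    chain = build_chain(n_rules)
    pkt = Packet(src, "10.1.0.10", 8080)
    return [chain.process(pkt)[1] for _ in range(n_packets)]


if __name__ == "__main__":
    for n in (10, 1000, 10000):
        print(n, rules_walked(n))
```

In this model only the first packet of an allowed flow pays for the rule count; a denied source (for example `src="10.8.8.8"`) walks the whole chain on every packet because no session is ever established.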