Booting Fedora with Secure Boot enabled will result in Lockdown being enabled at boot time. This will completly disable the BPF system call for all users [1][2].
Unfortunately, this breaks the IPAddressAllow & IPAddressDeny systemd feature [3][4][5].
I don't have a solution for this, but as far as I understand, this will also prevent other BPF use-cases (for example: Cilium on Fedora CoreOS).
[1] https://src.fedoraproject.org/rpms/kernel/blob/master/f/efi-lockdown.patch#_... [2] https://git.kernel.org/pub/scm/linux/kernel/git/jforbes/linux.git/commit/?h=... [3] https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c [4] https://github.com/systemd/systemd/blob/master/NEWS#L1192 [5] https://www.freedesktop.org/software/systemd/man/systemd.resource-control.ht...