diff --git a/api/loxinlp/nlp.go b/api/loxinlp/nlp.go
index 5f85db543..e5b61747b 100644
--- a/api/loxinlp/nlp.go
+++ b/api/loxinlp/nlp.go
@@ -86,6 +86,8 @@ type NlH struct {
 	IMap      map[string]Intf
 	BlackList string
 	BLRgx     *regexp.Regexp
+	WhiteList string
+	WLRgx     *regexp.Regexp
 }
 
 var (
@@ -98,6 +100,11 @@ func NlpRegister(hook cmn.NetHookInterface) {
 }
 
 func iSBlackListedIntf(name string, masterIdx int) bool {
+	if nNl.WhiteList != "none" {
+		filter := nNl.WLRgx.MatchString(name)
+		return !filter
+	}
+
 	if name == "lo" {
 		return true
 	}
@@ -1669,12 +1676,14 @@ func LbSessionGet(done bool) int {
 	return 0
 }
 
-func NlpInit(bgpPeerMode bool, blackList string, ipvsCompat bool) *NlH {
+func NlpInit(bgpPeerMode bool, blackList, whitelist string, ipvsCompat bool) *NlH {
 
 	nNl = new(NlH)
 
 	nNl.BlackList = blackList
 	nNl.BLRgx = regexp.MustCompile(blackList)
+	nNl.WhiteList = whitelist
+	nNl.WLRgx = regexp.MustCompile(whitelist)
 	checkInit := make(chan bool)
 	waitInit := make(chan bool)
 
diff --git a/options/options.go b/options/options.go
index 3422e7e4a..e334eb4a2 100644
--- a/options/options.go
+++ b/options/options.go
@@ -39,4 +39,5 @@ var Opts struct {
 	CloudInstance     string         `long:"cloudinstance" description:"instance-name to distinguish instance sets running in a same cloud-region"`
 	ConfigPath        string         `long:"config-path" description:"Config file path" default:"/etc/loxilb/"`
 	ProxyModeOnly     bool           `long:"proxyonlymode" description:"Run loxilb in proxy mode only, no Datapath"`
+	WhiteList         string         `long:"whitelist" description:"Regex string of whitelisted interface(experimental)" default:"none"`
 }
diff --git a/pkg/loxinet/loxinet.go b/pkg/loxinet/loxinet.go
index f691e5e35..d1dfb7cd5 100644
--- a/pkg/loxinet/loxinet.go
+++ b/pkg/loxinet/loxinet.go
@@ -317,7 +317,7 @@ func loxiNetInit() {
 	// Initialize the nlp subsystem
 	if !opts.Opts.NoNlp {
 		nlp.NlpRegister(NetAPIInit(opts.Opts.BgpPeerMode))
-		nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList, opts.Opts.IPVSCompat)
+		nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList, opts.Opts.WhiteList, opts.Opts.IPVSCompat)
 	}
 
 	// Initialize the k8s subsystem