The Side Car Model Isn't the Best for Firewalling

An application can pretty trivially buy a pass a side car if it just chooses not to send traffic through its side car. You still have that guarantee, but you're relying on the control plane to enforce that for you. It's actually fairly simple to enforce this with way points. So basically, the z tunnel knows that a particular pod that it's operating for has a way point setting in front of it. And if it receives traffic from any pot other than the way point, it will hairpin it through the way point.