Most items are not blocking. Please check the lists below. I'll remove the priority/release-blocker label once the blocking items have been backported.

Host endpoint

• Move direct routing configs to node_config.h. loader: Move direct routing config. to node_config.h #11594
• Add unit tests for patchHostNetdevDatapath() and nullifyStringSubstitution().
• Move last bit of bpf_host loading from init.sh to Golang. loader: Attach bpf_host to cilium_net from Golang #11598 v1.8 backports 2020-06-03 #11856
• Generate one ep_config.h header file per interface for easier debugging. loader: Header files for each host endpoint BPF program #12657
• Skip devices for which we fail to attach BPF programs instead of skipping all.
• Skip warnings on symbols instead of using nullifyStringSubstitutions().
• Ignore errors on tc filter delete for egress. loader: Check if device has BPF prog before trying to detach it #13591

Host policies

• Fix and add example of CCNP. k8s: Fix CCNP for host policies #11638
• Mark host policies as not enforced if option disabled. policy: Fix enforcement status for host endpoint #11759 v1.8 backports 2020-06-03 #11856
• Fix identity resolution after SNAT on to-netdev path. Host firewall fixes #12345 v1.8 backports 2020-07-21 #12600
• Fix host policies when using encapsulation. Enable host firewall in kube-proxy-free CI #11795 v1.8 backports 2020-06-04 #11893
• Fix missing case for ARP on from-{host,netdev} paths. Enable host firewall in kube-proxy-free CI #11795 v1.8 backports 2020-06-04 #11893
• Fix policy enforcement in case of BPF-based NodePort SNAT. bpf: Apply host firewall before NodePort SNATing #12011 Host firewall fixes #12345 v1.8 backports 2020-07-21 #12600
• Fix handling of ICMPv6 NeighborSolicitation messages. bpf: Handle ICMPv6 NS/NA in host firewall #12049 Host firewall fixes #12345 v1.8 backports 2020-07-21 #12600
• Expose as Helm variable. Enable host firewall in kube-proxy-free CI #11795 v1.8 backports 2020-06-04 #11893
• Enable host firewall in kube-proxy-free CI. Enable host firewall in kube-proxy-free CI #11795 v1.8 backports 2020-06-04 #11893
• Enable host firewall in kube-proxy CIs. test: Set devices and enable host firewall in kube-proxy CI #11969 v1.8 backports 2020-06-18 #12173
• Error/warn more loudly if loading policy while host firewall is disabled.
• Rework Node.MarshalJSON(). policy/api: Rework Rule.MarshalJSON() to ease maintainability #11651
• Fix aggregation of packet events from host firewall. Superseded by Monitor Aggregation for connections does not work with host firewall #12561
• Double check that verifier hints are still needed. bpf: split off debug options and do not run it in ci #11977
• Fix Enforcement reported as Enabled when PolicyEnforcement=always. policy: Fix enforcement status of host when PolicyEnforcement=always #12497 v1.8 backports 2020-07-15 #12536
• Create issues for externalTrafficPolicy=Local and portmap incompatibilities. Host firewall doesn't work with portmap CNI chaining #12541 Host firewall doesn't work with kube-proxy + externalTrafficPolicy=Local #12542
• Error/warn on per-endpoint-routes with host firewall. daemon: Fatal on incompatible host firewall options #12495 v1.8 backports 2020-07-15 #12536

Documentation:

• Mark as beta in documentation and option. Followups for host endpoint and firewall #11799 v1.8 backports 2020-06-19 #12203
• Write getting started guide. Getting started guide for the host firewall #12537 v1.8 backports 2020-07-21 #12600
• Write requirements and limitations in documentation. Followups for host endpoint and firewall #11799 v1.8 backports 2020-06-19 #12203
• Move examples to better location. Followups for host endpoint and firewall #11799 v1.8 backports 2020-06-19 #12203

Tests:

• Disable host firewall in CI unless label is set. Host firewall tests #12621
• Load default host policy in CIs.
• Test fromCIDR+toPorts host policies. Host firewall tests #12621
• Test host policies with proxy path.
• Test egress host policies with BPF-based SNAT Host firewall tests #12621

Node labels

• Reuse retrieveNodeInformation() to get node labels. k8s,node: Reuse retrieveNodeInformation to retrieve node labels #11659