diff --git a/app-admin/opensnitch-ebpf-module/Manifest b/app-admin/opensnitch-ebpf-module/Manifest
index aa4b2e33d..633013803 100644
--- a/app-admin/opensnitch-ebpf-module/Manifest
+++ b/app-admin/opensnitch-ebpf-module/Manifest
@@ -1,2 +1,3 @@
 DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f
 DIST opensnitch-1.6.7.gh.tar.gz 1374914 BLAKE2B 0797f2c41db320c95b88b27b4e1f119a0b92e8fd12f35bf8fe9c73f8c642ead1be866ceedf99e819777b882b63cfdab900663910d99253475f9399f3c8922fd8 SHA512 12234304b4fb1a8af0f57a3cdfa684e91f36839fb1862e567912bcc8e9bd09adb2d837b88d6f4461647968cffe2c2260d07873c435cb50825ecb806499c8d3ca
+DIST opensnitch-1.7.2.gh.tar.gz 1670398 BLAKE2B 6b36ded42105aa37816a6676059a137e1945f62f5dcde689dbea2aa957aeb89292c8d40ce4c4b3bdabc90a4d416cb4f682ba15293bf1ebc7270939411b31c540 SHA512 7a641b574af9569d8678f819cfc7116ee61362a656289c787bea88a74baf5614f4da6571e8e23dc8055a2c59e6a04245ffea5acdefe5b4abea2140e2e649b89c
diff --git a/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.7.2.ebuild b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.7.2.ebuild
new file mode 100644
index 000000000..a83ddfbd7
--- /dev/null
+++ b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.7.2.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info
+
+DESCRIPTION="eBPF process monitor module for opensnitch"
+HOMEPAGE="https://github.com/evilsocket/opensnitch"
+# NOTE: app-admin/opensnitch and this ebuild share the same source
+SRC_URI="
+	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> opensnitch-${PV}.gh.tar.gz
+"
+
+S="${WORKDIR}/opensnitch-${PV}"
+LICENSE="GPL-3"
+SLOT="0"
+#KEYWORDS="amd64"
+IUSE="dist-kernel"
+
+EBPF_DIR=ebpf_prog
+MINKV=5.5 # only compatible with kernels >= 5.5
+
+RDEPEND="
+	dist-kernel? ( virtual/dist-kernel:= )
+	~app-admin/opensnitch-$PV
+"
+
+DEPEND="
+	virtual/linux-sources
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+BDEPEND="
+	sys-devel/bc
+	llvm-core/clang
+	llvm-core/llvm
+"
+
+RESTRICT="strip test"
+QA_PREBUILT="*"
+
+pkg_setup() {
+	# see https://github.com/evilsocket/opensnitch/discussions/978
+	local CONFIG_CHECK="
+		CGROUP_BPF
+		BPF_EVENTS
+		FTRACE_SYSCALLS
+		KPROBES_ON_FTRACE
+		KPROBE_EVENTS
+		UPROBE_EVENTS
+	"
+
+	linux-info_pkg_setup
+	kernel_is -ge ${MINKV//./ } || die "Kernel version at least ${MINKV} required"
+}
+
+src_compile() {
+	MODULES_MAKEARGS+=(
+		ARCH="x86"
+		EXTRA_FLAGS="-fno-stack-protector -fcf-protection"
+		KERNEL_DIR="${KV_DIR}"
+		KERNEL_HEADERS=/usr # gentoo installs linux-headers to /usr
+	)
+	emake "${MODULES_MAKEARGS[@]}" -C "$EBPF_DIR" || die
+	llvm-strip -g "$EBPF_DIR"/opensnitch*.o
+}
+
+src_install(){
+	insinto /usr/lib/opensnitchd/ebpf/
+	doins "$EBPF_DIR"/opensnitch.o
+	doins "$EBPF_DIR"/opensnitch-dns.o
+	doins "$EBPF_DIR"/opensnitch-procs.o
+}