diff --git a/extensions/v1alpha1/wasm.gen.json b/extensions/v1alpha1/wasm.gen.json index 80e9e0c296a..9bfcaf59043 100644 --- a/extensions/v1alpha1/wasm.gen.json +++ b/extensions/v1alpha1/wasm.gen.json @@ -6,6 +6,24 @@ }, "components": { "schemas": { + "istio.extensions.v1alpha1.CapabilityRestriction": { + "description": "Capability restriction enforces limits on the Wasm ABI calls.", + "type": "object", + "properties": { + "set": { + "$ref": "#/components/schemas/istio.extensions.v1alpha1.CapabilitySet" + } + } + }, + "istio.extensions.v1alpha1.CapabilitySet": { + "description": "A set of capabilities in the increasing order.", + "type": "string", + "enum": [ + "DEFAULT", + "BASIC", + "ADVANCED" + ] + }, "istio.extensions.v1alpha1.EnvValueSource": { "type": "string", "enum": [ @@ -29,6 +47,28 @@ } } }, + "istio.extensions.v1alpha1.EventRestriction": { + "description": "Event restrictions enforces limits on the callback to the Wasm module.", + "type": "object", + "properties": { + "OnRequestHeaders": { + "description": "Trigger Wasm execution on receiving the request headers.", + "type": "boolean" + }, + "OnRequestBody": { + "description": "Trigger Wasm execution on receiving the request body.", + "type": "boolean" + }, + "OnResponseHeaders": { + "description": "Trigger Wasm execution on receiving the response headers.", + "type": "boolean" + }, + "OnResponseBody": { + "description": "Trigger Wasm execution on receiving the response body.", + "type": "boolean" + } + } + }, "istio.extensions.v1alpha1.PluginPhase": { "description": "The phase in the filter chain where the plugin will be injected.", "type": "string", @@ -112,6 +152,12 @@ "items": { "$ref": "#/components/schemas/istio.extensions.v1alpha1.WasmPlugin.TrafficSelector" } + }, + "capabilities": { + "$ref": "#/components/schemas/istio.extensions.v1alpha1.CapabilityRestriction" + }, + "events": { + "$ref": "#/components/schemas/istio.extensions.v1alpha1.EventRestriction" } } }, 
diff --git a/extensions/v1alpha1/wasm.pb.go b/extensions/v1alpha1/wasm.pb.go index 10d7ccce6f0..e228f9de476 100644 --- a/extensions/v1alpha1/wasm.pb.go +++ b/extensions/v1alpha1/wasm.pb.go 
@@ -224,6 +224,68 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// A set of capabilities in the increasing order. +type CapabilitySet int32 + +const ( + // The default set is the safe and the recommended setting. + // The following ABI calls are permitted: + // * logging; + // * property read. + CapabilitySet_DEFAULT CapabilitySet = 0 + // The basic set is the superset of the default set with extra capabilities that can cause + // stability or performance problems. + // The following additional ABI calls are permitted: + // * metrics; + // * timers; + // * side requests (HTTP and gRPC). + CapabilitySet_BASIC CapabilitySet = 1 + // The advanced set has no restrictions on the ABI calls. This is not + // recommended for use with untrusted modules. + CapabilitySet_ADVANCED CapabilitySet = 2 +) + +// Enum value maps for CapabilitySet. +var ( + CapabilitySet_name = map[int32]string{ + 0: "DEFAULT", + 1: "BASIC", + 2: "ADVANCED", + } + CapabilitySet_value = map[string]int32{ + "DEFAULT": 0, + "BASIC": 1, + "ADVANCED": 2, + } +) + +func (x CapabilitySet) Enum() *CapabilitySet { + p := new(CapabilitySet) + *p = x + return p +} + +func (x CapabilitySet) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CapabilitySet) Descriptor() protoreflect.EnumDescriptor { + return file_extensions_v1alpha1_wasm_proto_enumTypes[0].Descriptor() +} + +func (CapabilitySet) Type() protoreflect.EnumType { + return &file_extensions_v1alpha1_wasm_proto_enumTypes[0] +} + +func (x CapabilitySet) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use CapabilitySet.Descriptor instead. +func (CapabilitySet) EnumDescriptor() ([]byte, []int) { + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{0} +} + // The phase in the filter chain where the plugin will be injected. type PluginPhase int32 
@@ -267,11 +329,11 @@ func (x PluginPhase) String() string { } func (PluginPhase) Descriptor() protoreflect.EnumDescriptor { - return file_extensions_v1alpha1_wasm_proto_enumTypes[0].Descriptor() + return file_extensions_v1alpha1_wasm_proto_enumTypes[1].Descriptor() } func (PluginPhase) Type() protoreflect.EnumType { - return &file_extensions_v1alpha1_wasm_proto_enumTypes[0] + return &file_extensions_v1alpha1_wasm_proto_enumTypes[1] } func (x PluginPhase) Number() protoreflect.EnumNumber { @@ -280,7 +342,7 @@ func (x PluginPhase) Number() protoreflect.EnumNumber { // Deprecated: Use PluginPhase.Descriptor instead. func (PluginPhase) EnumDescriptor() ([]byte, []int) { - return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{0} + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{1} } // The pull behaviour to be applied when fetching a Wam module, @@ -329,11 +391,11 @@ func (x PullPolicy) String() string { } func (PullPolicy) Descriptor() protoreflect.EnumDescriptor { - return file_extensions_v1alpha1_wasm_proto_enumTypes[1].Descriptor() + return file_extensions_v1alpha1_wasm_proto_enumTypes[2].Descriptor() } func (PullPolicy) Type() protoreflect.EnumType { - return &file_extensions_v1alpha1_wasm_proto_enumTypes[1] + return &file_extensions_v1alpha1_wasm_proto_enumTypes[2] } func (x PullPolicy) Number() protoreflect.EnumNumber { @@ -342,7 +404,7 @@ func (x PullPolicy) Number() protoreflect.EnumNumber { // Deprecated: Use PullPolicy.Descriptor instead. func (PullPolicy) EnumDescriptor() ([]byte, []int) { - return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{1} + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{2} } type EnvValueSource int32 
@@ -377,11 +439,11 @@ func (x EnvValueSource) String() string { } func (EnvValueSource) Descriptor() protoreflect.EnumDescriptor { - return file_extensions_v1alpha1_wasm_proto_enumTypes[2].Descriptor() + return file_extensions_v1alpha1_wasm_proto_enumTypes[3].Descriptor() } func (EnvValueSource) Type() protoreflect.EnumType { - return &file_extensions_v1alpha1_wasm_proto_enumTypes[2] + return &file_extensions_v1alpha1_wasm_proto_enumTypes[3] } func (x EnvValueSource) Number() protoreflect.EnumNumber { @@ -390,7 +452,7 @@ func (x EnvValueSource) Number() protoreflect.EnumNumber { // Deprecated: Use EnvValueSource.Descriptor instead. func (EnvValueSource) EnumDescriptor() ([]byte, []int) { - return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{2} + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{3} } // WasmPlugins provides a mechanism to extend the functionality provided by @@ -497,6 +559,12 @@ type WasmPlugin struct { // If a traffic satisfies any of TrafficSelectors, // the traffic passes the WasmPlugin. Match []*WasmPlugin_TrafficSelector `protobuf:"bytes,12,rep,name=match,proto3" json:"match,omitempty"` + // Specifies the restrictions on the execution of the module via limiting access + // to the host ABI calls. If not set, uses the default capability set. + Capabilities *CapabilityRestriction `protobuf:"bytes,13,opt,name=capabilities,proto3" json:"capabilities,omitempty"` + // Specifies the restrictions on the callbacks from the host to the module. + // If not set, places no restrictions. + Events *EventRestriction `protobuf:"bytes,14,opt,name=events,proto3" json:"events,omitempty"` } func (x *WasmPlugin) Reset() { 
@@ -615,6 +683,145 @@ func (x *WasmPlugin) GetMatch() []*WasmPlugin_TrafficSelector { return nil } +func (x *WasmPlugin) GetCapabilities() *CapabilityRestriction { + if x != nil { + return x.Capabilities + } + return nil +} + +func (x *WasmPlugin) GetEvents() *EventRestriction { + if x != nil { + return x.Events + } + return nil +} + +// Capability restriction enforces limits on the Wasm ABI calls. +type CapabilityRestriction struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The capability group to limit the ABI calls. + Set CapabilitySet `protobuf:"varint,1,opt,name=set,proto3,enum=istio.extensions.v1alpha1.CapabilitySet" json:"set,omitempty"` +} + +func (x *CapabilityRestriction) Reset() { + *x = CapabilityRestriction{} + if protoimpl.UnsafeEnabled { + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CapabilityRestriction) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CapabilityRestriction) ProtoMessage() {} + +func (x *CapabilityRestriction) ProtoReflect() protoreflect.Message { + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CapabilityRestriction.ProtoReflect.Descriptor instead. +func (*CapabilityRestriction) Descriptor() ([]byte, []int) { + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{1} +} + +func (x *CapabilityRestriction) GetSet() CapabilitySet { + if x != nil { + return x.Set + } + return CapabilitySet_DEFAULT +} + +// Event restrictions enforces limits on the callback to the Wasm module. 
+type EventRestriction struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Trigger Wasm execution on receiving the request headers. + OnRequestHeaders bool `protobuf:"varint,1,opt,name=OnRequestHeaders,proto3" json:"OnRequestHeaders,omitempty"` + // Trigger Wasm execution on receiving the request body. + OnRequestBody bool `protobuf:"varint,2,opt,name=OnRequestBody,proto3" json:"OnRequestBody,omitempty"` + // Trigger Wasm execution on receiving the response headers. + OnResponseHeaders bool `protobuf:"varint,3,opt,name=OnResponseHeaders,proto3" json:"OnResponseHeaders,omitempty"` + // Trigger Wasm execution on receiving the response body. + OnResponseBody bool `protobuf:"varint,4,opt,name=OnResponseBody,proto3" json:"OnResponseBody,omitempty"` +} + +func (x *EventRestriction) Reset() { + *x = EventRestriction{} + if protoimpl.UnsafeEnabled { + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EventRestriction) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EventRestriction) ProtoMessage() {} + +func (x *EventRestriction) ProtoReflect() protoreflect.Message { + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EventRestriction.ProtoReflect.Descriptor instead. 
+func (*EventRestriction) Descriptor() ([]byte, []int) { + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{2} +} + +func (x *EventRestriction) GetOnRequestHeaders() bool { + if x != nil { + return x.OnRequestHeaders + } + return false +} + +func (x *EventRestriction) GetOnRequestBody() bool { + if x != nil { + return x.OnRequestBody + } + return false +} + +func (x *EventRestriction) GetOnResponseHeaders() bool { + if x != nil { + return x.OnResponseHeaders + } + return false +} + +func (x *EventRestriction) GetOnResponseBody() bool { + if x != nil { + return x.OnResponseBody + } + return false +} + // Configuration for a Wasm VM. // more details can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-vmconfig). type VmConfig struct { @@ -630,7 +837,7 @@ type VmConfig struct { func (x *VmConfig) Reset() { *x = VmConfig{} if protoimpl.UnsafeEnabled { - mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[1] + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -643,7 +850,7 @@ func (x *VmConfig) String() string { func (*VmConfig) ProtoMessage() {} func (x *VmConfig) ProtoReflect() protoreflect.Message { - mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[1] + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -656,7 +863,7 @@ func (x *VmConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use VmConfig.ProtoReflect.Descriptor instead. func (*VmConfig) Descriptor() ([]byte, []int) { - return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{1} + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{3} } func (x *VmConfig) GetEnv() []*EnvVar { 
@@ -686,7 +893,7 @@ type EnvVar struct { func (x *EnvVar) Reset() { *x = EnvVar{} if protoimpl.UnsafeEnabled { - mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[2] + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -699,7 +906,7 @@ func (x *EnvVar) String() string { func (*EnvVar) ProtoMessage() {} func (x *EnvVar) ProtoReflect() protoreflect.Message { - mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[2] + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -712,7 +919,7 @@ func (x *EnvVar) ProtoReflect() protoreflect.Message { // Deprecated: Use EnvVar.ProtoReflect.Descriptor instead. func (*EnvVar) Descriptor() ([]byte, []int) { - return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{2} + return file_extensions_v1alpha1_wasm_proto_rawDescGZIP(), []int{4} } func (x *EnvVar) GetName() string { @@ -764,7 +971,7 @@ type WasmPlugin_TrafficSelector struct { func (x *WasmPlugin_TrafficSelector) Reset() { *x = WasmPlugin_TrafficSelector{} if protoimpl.UnsafeEnabled { - mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[3] + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -777,7 +984,7 @@ func (x *WasmPlugin_TrafficSelector) String() string { func (*WasmPlugin_TrafficSelector) ProtoMessage() {} func (x *WasmPlugin_TrafficSelector) ProtoReflect() protoreflect.Message { - mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[3] + mi := &file_extensions_v1alpha1_wasm_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -819,7 +1026,7 @@ var file_extensions_v1alpha1_wasm_proto_rawDesc = []byte{ 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x88, 0x06, 0x0a, 0x0a, 0x57, 0x61, 0x73, 0x6d, 0x50, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa3, 0x07, 0x0a, 0x0a, 0x57, 0x61, 0x73, 0x6d, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x12, 0x40, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 
@@ -860,40 +1067,71 @@ var file_extensions_v1alpha1_wasm_proto_rawDesc = []byte{ 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x61, 0x73, 0x6d, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, - 0x1a, 0x7f, 0x0a, 0x0f, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x12, 0x34, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, - 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x70, 0x6f, 0x72, - 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, - 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, - 0x73, 0x22, 0x3f, 0x0a, 0x08, 0x56, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x33, 0x0a, - 0x03, 0x65, 0x6e, 0x76, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x52, 0x03, 0x65, - 0x6e, 0x76, 0x22, 0x7c, 0x0a, 0x06, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x48, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x65, 0x78, 0x74, - 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 
0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, - 0x09, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x2a, 0x45, 0x0a, 0x0b, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x50, 0x68, 0x61, 0x73, 0x65, 0x12, - 0x15, 0x0a, 0x11, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x5f, 0x50, - 0x48, 0x41, 0x53, 0x45, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x4e, 0x10, - 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x5a, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, - 0x53, 0x54, 0x41, 0x54, 0x53, 0x10, 0x03, 0x2a, 0x42, 0x0a, 0x0a, 0x50, 0x75, 0x6c, 0x6c, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, 0x0a, 0x12, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x10, 0x00, 0x12, 0x10, 0x0a, - 0x0c, 0x49, 0x66, 0x4e, 0x6f, 0x74, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, - 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x02, 0x2a, 0x26, 0x0a, 0x0e, 0x45, - 0x6e, 0x76, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x0a, 0x0a, - 0x06, 0x49, 0x4e, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x4f, 0x53, - 0x54, 0x10, 0x01, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, - 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x12, 0x54, 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, + 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x65, + 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 
0x31, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, + 0x74, 0x72, 0x69, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, + 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, + 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x65, + 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x1a, 0x7f, 0x0a, 0x0f, 0x54, + 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x34, + 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, + 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, + 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x22, 0x53, 0x0a, 0x15, + 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x74, 0x72, 0x69, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3a, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, + 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, + 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x53, 0x65, 0x74, 0x52, 0x03, 0x73, 0x65, + 0x74, 0x22, 0xba, 0x01, 0x0a, 0x10, 0x45, 
0x76, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x74, 0x72, + 0x69, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x10, 0x4f, 0x6e, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x10, 0x4f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, + 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x4f, 0x6e, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2c, 0x0a, 0x11, 0x4f, 0x6e, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x11, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x6f, 0x64, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, + 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x6f, 0x64, 0x79, 0x22, 0x3f, + 0x0a, 0x08, 0x56, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x33, 0x0a, 0x03, 0x65, 0x6e, + 0x76, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x22, + 0x7c, 0x0a, 0x06, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x48, 0x0a, + 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, + 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 
0x2e, 0x45, 0x6e, + 0x76, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x09, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2a, 0x35, 0x0a, + 0x0d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x53, 0x65, 0x74, 0x12, 0x0b, + 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x42, + 0x41, 0x53, 0x49, 0x43, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x41, 0x44, 0x56, 0x41, 0x4e, 0x43, + 0x45, 0x44, 0x10, 0x02, 0x2a, 0x45, 0x0a, 0x0b, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x50, 0x68, + 0x61, 0x73, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, + 0x45, 0x44, 0x5f, 0x50, 0x48, 0x41, 0x53, 0x45, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, + 0x54, 0x48, 0x4e, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x5a, 0x10, 0x02, + 0x12, 0x09, 0x0a, 0x05, 0x53, 0x54, 0x41, 0x54, 0x53, 0x10, 0x03, 0x2a, 0x42, 0x0a, 0x0a, 0x50, + 0x75, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, 0x0a, 0x12, 0x55, 0x4e, 0x53, + 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x10, + 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x66, 0x4e, 0x6f, 0x74, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, + 0x74, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x02, 0x2a, + 0x26, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x4e, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x08, 0x0a, + 0x04, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } 
var ( 
@@ -908,39 +1146,45 @@ func file_extensions_v1alpha1_wasm_proto_rawDescGZIP() []byte { return file_extensions_v1alpha1_wasm_proto_rawDescData } -var file_extensions_v1alpha1_wasm_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_extensions_v1alpha1_wasm_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_extensions_v1alpha1_wasm_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_extensions_v1alpha1_wasm_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_extensions_v1alpha1_wasm_proto_goTypes = []interface{}{ - (PluginPhase)(0), // 0: istio.extensions.v1alpha1.PluginPhase - (PullPolicy)(0), // 1: istio.extensions.v1alpha1.PullPolicy - (EnvValueSource)(0), // 2: istio.extensions.v1alpha1.EnvValueSource - (*WasmPlugin)(nil), // 3: istio.extensions.v1alpha1.WasmPlugin - (*VmConfig)(nil), // 4: istio.extensions.v1alpha1.VmConfig - (*EnvVar)(nil), // 5: istio.extensions.v1alpha1.EnvVar - (*WasmPlugin_TrafficSelector)(nil), // 6: istio.extensions.v1alpha1.WasmPlugin.TrafficSelector - (*v1beta1.WorkloadSelector)(nil), // 7: istio.type.v1beta1.WorkloadSelector - (*_struct.Struct)(nil), // 8: google.protobuf.Struct - (*wrappers.Int32Value)(nil), // 9: google.protobuf.Int32Value - (v1beta1.WorkloadMode)(0), // 10: istio.type.v1beta1.WorkloadMode - (*v1beta1.PortSelector)(nil), // 11: istio.type.v1beta1.PortSelector + (CapabilitySet)(0), // 0: istio.extensions.v1alpha1.CapabilitySet + (PluginPhase)(0), // 1: istio.extensions.v1alpha1.PluginPhase + (PullPolicy)(0), // 2: istio.extensions.v1alpha1.PullPolicy + (EnvValueSource)(0), // 3: istio.extensions.v1alpha1.EnvValueSource + (*WasmPlugin)(nil), // 4: istio.extensions.v1alpha1.WasmPlugin + (*CapabilityRestriction)(nil), // 5: istio.extensions.v1alpha1.CapabilityRestriction + (*EventRestriction)(nil), // 6: istio.extensions.v1alpha1.EventRestriction + (*VmConfig)(nil), // 7: istio.extensions.v1alpha1.VmConfig + (*EnvVar)(nil), // 8: istio.extensions.v1alpha1.EnvVar + 
(*WasmPlugin_TrafficSelector)(nil), // 9: istio.extensions.v1alpha1.WasmPlugin.TrafficSelector + (*v1beta1.WorkloadSelector)(nil), // 10: istio.type.v1beta1.WorkloadSelector + (*_struct.Struct)(nil), // 11: google.protobuf.Struct + (*wrappers.Int32Value)(nil), // 12: google.protobuf.Int32Value + (v1beta1.WorkloadMode)(0), // 13: istio.type.v1beta1.WorkloadMode + (*v1beta1.PortSelector)(nil), // 14: istio.type.v1beta1.PortSelector } var file_extensions_v1alpha1_wasm_proto_depIdxs = []int32{ - 7, // 0: istio.extensions.v1alpha1.WasmPlugin.selector:type_name -> istio.type.v1beta1.WorkloadSelector - 1, // 1: istio.extensions.v1alpha1.WasmPlugin.image_pull_policy:type_name -> istio.extensions.v1alpha1.PullPolicy - 8, // 2: istio.extensions.v1alpha1.WasmPlugin.plugin_config:type_name -> google.protobuf.Struct - 0, // 3: istio.extensions.v1alpha1.WasmPlugin.phase:type_name -> istio.extensions.v1alpha1.PluginPhase - 9, // 4: istio.extensions.v1alpha1.WasmPlugin.priority:type_name -> google.protobuf.Int32Value - 4, // 5: istio.extensions.v1alpha1.WasmPlugin.vm_config:type_name -> istio.extensions.v1alpha1.VmConfig - 6, // 6: istio.extensions.v1alpha1.WasmPlugin.match:type_name -> istio.extensions.v1alpha1.WasmPlugin.TrafficSelector - 5, // 7: istio.extensions.v1alpha1.VmConfig.env:type_name -> istio.extensions.v1alpha1.EnvVar - 2, // 8: istio.extensions.v1alpha1.EnvVar.value_from:type_name -> istio.extensions.v1alpha1.EnvValueSource - 10, // 9: istio.extensions.v1alpha1.WasmPlugin.TrafficSelector.mode:type_name -> istio.type.v1beta1.WorkloadMode - 11, // 10: istio.extensions.v1alpha1.WasmPlugin.TrafficSelector.ports:type_name -> istio.type.v1beta1.PortSelector - 11, // [11:11] is the sub-list for method output_type - 11, // [11:11] is the sub-list for method input_type - 11, // [11:11] is the sub-list for extension type_name - 11, // [11:11] is the sub-list for extension extendee - 0, // [0:11] is the sub-list for field type_name + 10, // 0: 
istio.extensions.v1alpha1.WasmPlugin.selector:type_name -> istio.type.v1beta1.WorkloadSelector + 2, // 1: istio.extensions.v1alpha1.WasmPlugin.image_pull_policy:type_name -> istio.extensions.v1alpha1.PullPolicy + 11, // 2: istio.extensions.v1alpha1.WasmPlugin.plugin_config:type_name -> google.protobuf.Struct + 1, // 3: istio.extensions.v1alpha1.WasmPlugin.phase:type_name -> istio.extensions.v1alpha1.PluginPhase + 12, // 4: istio.extensions.v1alpha1.WasmPlugin.priority:type_name -> google.protobuf.Int32Value + 7, // 5: istio.extensions.v1alpha1.WasmPlugin.vm_config:type_name -> istio.extensions.v1alpha1.VmConfig + 9, // 6: istio.extensions.v1alpha1.WasmPlugin.match:type_name -> istio.extensions.v1alpha1.WasmPlugin.TrafficSelector + 5, // 7: istio.extensions.v1alpha1.WasmPlugin.capabilities:type_name -> istio.extensions.v1alpha1.CapabilityRestriction + 6, // 8: istio.extensions.v1alpha1.WasmPlugin.events:type_name -> istio.extensions.v1alpha1.EventRestriction + 0, // 9: istio.extensions.v1alpha1.CapabilityRestriction.set:type_name -> istio.extensions.v1alpha1.CapabilitySet + 8, // 10: istio.extensions.v1alpha1.VmConfig.env:type_name -> istio.extensions.v1alpha1.EnvVar + 3, // 11: istio.extensions.v1alpha1.EnvVar.value_from:type_name -> istio.extensions.v1alpha1.EnvValueSource + 13, // 12: istio.extensions.v1alpha1.WasmPlugin.TrafficSelector.mode:type_name -> istio.type.v1beta1.WorkloadMode + 14, // 13: istio.extensions.v1alpha1.WasmPlugin.TrafficSelector.ports:type_name -> istio.type.v1beta1.PortSelector + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name } func init() { file_extensions_v1alpha1_wasm_proto_init() } 
@@ -962,7 +1206,7 @@ func file_extensions_v1alpha1_wasm_proto_init() { } } file_extensions_v1alpha1_wasm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VmConfig); i { + switch v := v.(*CapabilityRestriction); i { case 0: return &v.state case 1: @@ -974,7 +1218,7 @@ func file_extensions_v1alpha1_wasm_proto_init() { } } file_extensions_v1alpha1_wasm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvVar); i { + switch v := v.(*EventRestriction); i { case 0: return &v.state case 1: @@ -986,6 +1230,30 @@ func file_extensions_v1alpha1_wasm_proto_init() { } } file_extensions_v1alpha1_wasm_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*VmConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_extensions_v1alpha1_wasm_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnvVar); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_extensions_v1alpha1_wasm_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*WasmPlugin_TrafficSelector); i { case 0: return &v.state @@ -1003,8 +1271,8 @@ func file_extensions_v1alpha1_wasm_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_extensions_v1alpha1_wasm_proto_rawDesc, - NumEnums: 3, - NumMessages: 4, + NumEnums: 4, + NumMessages: 6, NumExtensions: 0, NumServices: 0, }, diff --git a/extensions/v1alpha1/wasm.pb.html b/extensions/v1alpha1/wasm.pb.html index 381752ee81f..9cdbe88eae0 100644 --- a/extensions/v1alpha1/wasm.pb.html +++ b/extensions/v1alpha1/wasm.pb.html 
@@ -6,7 +6,7 @@ generator: protoc-gen-docs schema: istio.extensions.v1alpha1.WasmPlugin aliases: [/docs/reference/config/extensions/v1alpha1/wasm-plugin] -number_of_entries: 7 +number_of_entries: 10 ---

WasmPlugins provides a mechanism to extend the functionality provided by the Istio proxy through WebAssembly filters.

@@ -329,6 +329,119 @@

WasmPlugin

If a traffic satisfies any of TrafficSelectors, the traffic passes the WasmPlugin.

+ + +No + + + +capabilities +CapabilityRestriction + +

Specifies the restrictions on the execution of the module via limiting access +to the host ABI calls. If not set, uses the default capability set.

+ + + +No + + + +events +EventRestriction + +

Specifies the restrictions on the callbacks from the host to the module. +If not set, places no restrictions.

+ + + +No + + + + + +

CapabilityRestriction

+
+

Capability restriction enforces limits on the Wasm ABI calls.

+ + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
setCapabilitySet +

The capability group to limit the ABI calls.

+ +
+No +
+
+

EventRestriction

+
+

Event restrictions enforces limits on the callback to the Wasm module.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
OnRequestHeadersbool +

Trigger Wasm execution on receiving the request headers.

+ +
+No +
OnRequestBodybool +

Trigger Wasm execution on receiving the request body.

+ +
+No +
OnResponseHeadersbool +

Trigger Wasm execution on receiving the response headers.

+ +
+No +
OnResponseBodybool +

Trigger Wasm execution on receiving the response body.

+
No @@ -465,6 +578,55 @@

WasmPlugin.TrafficSelector

No +
+
+

CapabilitySet

+
+

A set of capabilities in the increasing order.

+ + + + + + + + + + + + + + + + + + + + diff --git a/extensions/v1alpha1/wasm.proto b/extensions/v1alpha1/wasm.proto index 7452d2fb4ff..493e5f80ad3 100644 --- a/extensions/v1alpha1/wasm.proto +++ b/extensions/v1alpha1/wasm.proto 
@@ -341,6 +341,53 @@ message WasmPlugin {
 // If a traffic satisfies any of TrafficSelectors,
 // the traffic passes the WasmPlugin.
 repeated TrafficSelector match = 12;
+
+ // Specifies the restrictions on the execution of the module via limiting access
+ // to the host ABI calls. If not set, uses the default capability set.
+ CapabilityRestriction capabilities = 13;
+
+ // Specifies the restrictions on the callbacks from the host to the module.
+ // If not set, places no restrictions.
+ EventRestriction events = 14;
+}
+
+// Capability restriction enforces limits on the Wasm ABI calls.
+message CapabilityRestriction {
+ // The capability group to limit the ABI calls.
+ CapabilitySet set = 1;
+}
+
+// Event restrictions enforces limits on the callback to the Wasm module.
+message EventRestriction {
+ // Trigger Wasm execution on receiving the request headers.
+ bool OnRequestHeaders = 1;
+ // Trigger Wasm execution on receiving the request body.
+ bool OnRequestBody = 2;
+ // Trigger Wasm execution on receiving the response headers.
+ bool OnResponseHeaders = 3;
+ // Trigger Wasm execution on receiving the response body.
+ bool OnResponseBody = 4;
+}
+
+// A set of capabilities in the increasing order.
+enum CapabilitySet {
+ // The default set is the safe and the recommended setting.
+ // The following ABI calls are permitted:
+ // * logging;
+ // * property read.
+ DEFAULT = 0;
+
+ // The basic set is the superset of the default set with extra capabilities that can cause
+ // stability or performance problems.
+ // The following additional ABI calls are permitted:
+ // * metrics;
+ // * timers;
+ // * side requests (HTTP and gRPC).
+ BASIC = 1;
+
+ // The advanced set has no restrictions on the ABI calls. This is not
+ // recommended for use with untrusted modules.
+ ADVANCED = 2;
 }
 
 // The phase in the filter chain where the plugin will be injected.
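Review bot: `EventRestriction` does not say whether a `true` field permits or suppresses a callback, and for a control that limits what an extension gets to see, that ambiguity decides whether a policy fails open or closed. The message is described as a restriction, its fields as "Trigger Wasm execution on …", and `events` as placing no restrictions when unset; because a proto3 `bool` cannot distinguish unset from `false`, an `events` block that sets only `OnRequestHeaders: true` presumably blocks the other three callbacks, and an empty block all four. If that is the intent, state it on the message, e.g. `// When events is set, a callback is delivered only if its field is true; fields left unset block that callback.` The PascalCase field names also depart from the snake_case used by the other `WasmPlugin` fields (the descriptor lists `image_pull_policy`, `plugin_config`) and will be hard to rename once the API is released.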
diff --git a/extensions/v1alpha1/wasm_deepcopy.gen.go b/extensions/v1alpha1/wasm_deepcopy.gen.go index 46403fbb11d..1115597639e 100644 --- a/extensions/v1alpha1/wasm_deepcopy.gen.go +++ b/extensions/v1alpha1/wasm_deepcopy.gen.go 
@@ -47,6 +47,48 @@ func (in *WasmPlugin_TrafficSelector) DeepCopyInterface() interface{} { return in.DeepCopy() } +// DeepCopyInto supports using CapabilityRestriction within kubernetes types, where deepcopy-gen is used. +func (in *CapabilityRestriction) DeepCopyInto(out *CapabilityRestriction) { + p := proto.Clone(in).(*CapabilityRestriction) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilityRestriction. Required by controller-gen. +func (in *CapabilityRestriction) DeepCopy() *CapabilityRestriction { + if in == nil { + return nil + } + out := new(CapabilityRestriction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CapabilityRestriction. Required by controller-gen. +func (in *CapabilityRestriction) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EventRestriction within kubernetes types, where deepcopy-gen is used. +func (in *EventRestriction) DeepCopyInto(out *EventRestriction) { + p := proto.Clone(in).(*EventRestriction) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventRestriction. Required by controller-gen. +func (in *EventRestriction) DeepCopy() *EventRestriction { + if in == nil { + return nil + } + out := new(EventRestriction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EventRestriction. Required by controller-gen. +func (in *EventRestriction) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using VmConfig within kubernetes types, where deepcopy-gen is used. func (in *VmConfig) DeepCopyInto(out *VmConfig) { p := proto.Clone(in).(*VmConfig) diff --git a/extensions/v1alpha1/wasm_json.gen.go b/extensions/v1alpha1/wasm_json.gen.go index 03edc851c7c..e9337d2b918 100644 
--- a/extensions/v1alpha1/wasm_json.gen.go +++ b/extensions/v1alpha1/wasm_json.gen.go @@ -28,6 +28,28 @@ func (this *WasmPlugin_TrafficSelector) UnmarshalJSON(b []byte) error { return WasmUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for CapabilityRestriction +func (this *CapabilityRestriction) MarshalJSON() ([]byte, error) { + str, err := WasmMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for CapabilityRestriction +func (this *CapabilityRestriction) UnmarshalJSON(b []byte) error { + return WasmUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EventRestriction +func (this *EventRestriction) MarshalJSON() ([]byte, error) { + str, err := WasmMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EventRestriction +func (this *EventRestriction) UnmarshalJSON(b []byte) error { + return WasmUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for VmConfig func (this *VmConfig) MarshalJSON() ([]byte, error) { str, err := WasmMarshaler.MarshalToString(this) diff --git a/kubernetes/customresourcedefinitions.gen.yaml b/kubernetes/customresourcedefinitions.gen.yaml index 51338b7681f..15573756447 100644 --- a/kubernetes/customresourcedefinitions.gen.yaml +++ b/kubernetes/customresourcedefinitions.gen.yaml 
@@ -39,6 +39,35 @@ spec: description: 'Extend the functionality provided by the Istio proxy through WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' properties: + capabilities: + properties: + set: + description: The capability group to limit the ABI calls. + enum: + - DEFAULT + - BASIC + - ADVANCED + type: string + type: object + events: + description: Specifies the restrictions on the callbacks from the + host to the module. + properties: + OnRequestBody: + description: Trigger Wasm execution on receiving the request body. + type: boolean + OnRequestHeaders: + description: Trigger Wasm execution on receiving the request headers. + type: boolean + OnResponseBody: + description: Trigger Wasm execution on receiving the response + body. + type: boolean + OnResponseHeaders: + description: Trigger Wasm execution on receiving the response + headers. + type: boolean + type: object imagePullPolicy: enum: - UNSPECIFIED_POLICY diff --git a/proto.lock b/proto.lock index d2f9817801e..706490278b9 100644 --- a/proto.lock +++ b/proto.lock @@ -36453,6 +36453,22 @@ "protopath": "extensions:/:v1alpha1:/:wasm.proto", "def": { "enums": [ + { + "name": "CapabilitySet", + "enum_fields": [ + { + "name": "DEFAULT" + }, + { + "name": "BASIC", + "integer": 1 + }, + { + "name": "ADVANCED", + "integer": 2 + } + ] + }, { "name": "PluginPhase", "enum_fields": [ @@ -36566,6 +36582,16 @@ "name": "match", "type": "TrafficSelector", "is_repeated": true + }, + { + "id": 13, + "name": "capabilities", + "type": "CapabilityRestriction" + }, + { + "id": 14, + "name": "events", + "type": "EventRestriction" } ], "messages": [ 
@@ -36587,6 +36613,41 @@ } ] }, + { + "name": "CapabilityRestriction", + "fields": [ + { + "id": 1, + "name": "set", + "type": "CapabilitySet" + } + ] + }, + { + "name": "EventRestriction", + "fields": [ + { + "id": 1, + "name": "OnRequestHeaders", + "type": "bool" + }, + { + "id": 2, + "name": "OnRequestBody", + "type": "bool" + }, + { + "id": 3, + "name": "OnResponseHeaders", + "type": "bool" + }, + { + "id": 4, + "name": "OnResponseBody", + "type": "bool" + } + ] + }, { "name": "VmConfig", "fields": [
NameDescription
DEFAULT +

The default set is the safe and the recommended setting. +The following ABI calls are permitted:

+
    +
  • logging;
  • +
  • property read.
  • +
+ +
BASIC +

The basic set is the superset of the default set with extra capabilities that can cause +stability or performance problems. +The following additional ABI calls are permitted:

+
    +
  • metrics;
  • +
  • timers;
  • +
  • side requests (HTTP and gRPC).
  • +
+ +
ADVANCED +

The advanced set has no restrictions on the ABI calls. This is not +recommended for use with untrusted modules.

+