diff --git a/releases.json b/releases.json
index e82e29eb4..8443a892c 100644
--- a/releases.json
+++ b/releases.json
@@ -1540,6 +1540,14 @@
       "1.8.4-1"
     ]
   },
+  "kafel": {
+    "dependency_names": [
+      "kafel"
+    ],
+    "versions": [
+      "2023.10.10"
+    ]
+  },
   "kraken-engine": {
     "dependency_names": [
       "kraken-engine"
diff --git a/subprojects/kafel.wrap b/subprojects/kafel.wrap
new file mode 100644
index 000000000..bf671b7b4
--- /dev/null
+++ b/subprojects/kafel.wrap
@@ -0,0 +1,10 @@
+[wrap-file]
+directory = kafel-20231004
+source_url = https://github.com/google/kafel/archive/20231004.tar.gz
+source_filename = 231004.tar.gz
+source_hash = b5fe85ad72070844dc24474a036f3b909c3f604b69c616d124793c37df7a9d7f
+patch_directory = kafel
+
+[provide]
+dependency_names = kafel
+program_names = dump_policy_bpf
diff --git a/subprojects/packagefiles/kafel/meson.build b/subprojects/packagefiles/kafel/meson.build
new file mode 100644
index 000000000..325fbd21e
--- /dev/null
+++ b/subprojects/packagefiles/kafel/meson.build
@@ -0,0 +1,96 @@
+project('kafel', 'c',
+  version: '2023.10.10',
+  default_options: [
+    'c_std=gnu11',
+  ])
+
+flex = find_program('flex')
+bison = find_program('bison')
+pkgconf = import('pkgconfig')
+sed = find_program('sed')
+
+fix_parser = custom_target('fix_parser',
+  command: [sed, '-e', '/%output "parser.c"/d', '-e', '/%defines "parser.h"/d', '@INPUT@'],
+  capture: true,
+  input: 'src/parser.y',
+  output: 'parser.y.fixed',
+)
+
+fix_lexer = custom_target('fix_lexer',
+  command: [sed, '-e', '/%option outfile="lexer.c" header-file="lexer.h"/d', '@INPUT@'],
+  capture: true,
+  input: 'src/lexer.l',
+  output: 'lexer.l.fixed',
+)
+
+lexer = custom_target('lexer',
+  command: [flex, '-o', '@OUTPUT0@', '--header-file=@OUTPUT1@', '@INPUT@'],
+  input: fix_lexer,
+  output: ['lexer.c', 'lexer.h'],
+  build_by_default: true,
+)
+
+parser = custom_target('parser',
+  command: [bison, '-o', '@OUTPUT0@', '--defines=@OUTPUT1@', '@INPUT@'],
+  input: fix_parser,
+  output: ['parser.c', 'parser.h'],
+  build_by_default: true,
+)
+
+kafel_sources = [
+  'src/kafel.c',
+  'src/context.c',
+  'src/codegen.c',
+  'src/expression.c',
+  'src/includes.c',
+  'src/parser_types.c',
+  'src/policy.c',
+  'src/range_rules.c',
+  'src/syscall.c',
+  'src/syscalls/amd64_syscalls.c',
+  'src/syscalls/i386_syscalls.c',
+  'src/syscalls/aarch64_syscalls.c',
+  'src/syscalls/mipso32_syscalls.c',
+  'src/syscalls/mips64_syscalls.c',
+  'src/syscalls/riscv64_syscalls.c',
+  'src/syscalls/arm_syscalls.c',
+  lexer,
+  parser
+]
+
+kafel_inc = include_directories('include', 'src')
+
+kafel_lib = library('kafel',
+  sources: kafel_sources + [lexer, parser],
+  include_directories: kafel_inc,
+  install: true
+)
+
+kafel_dep = declare_dependency(
+  include_directories: kafel_inc,
+  link_with: kafel_lib
+)
+
+dump_policy_bpf_sources = files(
+  'tools/dump_policy_bpf/disasm.c',
+  'tools/dump_policy_bpf/main.c',
+  'tools/dump_policy_bpf/print.c',
+)
+
+dump_policy_bpf_exe = executable('dump_policy_bpf',
+  sources: dump_policy_bpf_sources,
+  dependencies: [kafel_dep],
+  install: true,
+  gnu_symbol_visibility: 'hidden'
+)
+
+install_headers('include/kafel.h', subdir: 'kafel')
+
+meson.override_find_program('dump_policy_bpf', dump_policy_bpf_exe)
+meson.override_dependency('kafel', kafel_dep)
+
+pkgconf.generate(
+  kafel_lib,
+  description : 'Kafel - seccomp filter generator',
+  subdirs : 'kafel'
+)