On 4/8/25 8:48 PM, Florian Westphal wrote:
> Eric Woudstra <ericwo...@gmail.com> wrote:
>> The thing is, single vlan (802.1Q) can be conntracked without setting up
>> a zone. I've only added Q-in-Q, AD and PPPoE-in-Q. Since single Q (L2)
I forgot to mention only PPPoE here.
>> can be conntracked, I thought the same will apply to other L2 tags.
>>
>> So would single Q also need this restriction added in your opinion?
>
> I think its too risky to add it now for single-Q case.
Indeed, this would be a regression. I will look into only adding the
restriction to the newly added tags. However, it is inconsistent, which
is the point I was trying making.
