Eric Woudstra <ericwouds@xxxxxxxxx> wrote: > The thing is, single vlan (802.1Q) can be conntracked without setting up > a zone. I've only added Q-in-Q, AD and PPPoE-in-Q. Since single Q (L2) > can be conntracked, I thought the same will apply to other L2 tags. > > So would single Q also need this restriction added in your opinion? I think its too risky to add it now for single-Q case.
