On 4/8/25 8:48 PM, Florian Westphal wrote:
> Eric Woudstra <ericwouds@xxxxxxxxx> wrote:
>> The thing is, single vlan (802.1Q) can be conntracked without setting up
>> a zone. I've only added Q-in-Q, AD and PPPoE-in-Q. Since single Q (L2)

I forgot to mention only PPPoE here.

>> can be conntracked, I thought the same will apply to other L2 tags.
>>
>> So would single Q also need this restriction added in your opinion?
>
> I think it's too risky to add it now for single-Q case.

Indeed, this would be a regression. I will look into only adding the
restriction to the newly added tags. However, it is inconsistent, which
is the point I was trying to make.