The current implementation of ipForwarding with modes `Restricted` and `Global` does not fix the use cases that the feature was initially requested for.

See: https://issues.redhat.com/browse/OCPBUGS-3176
See: https://issues.redhat.com/browse/OCPBUGS-16051

The reason for https://issues.redhat.com/browse/OCPBUGS-3176 was to avoid routing between physical interfaces, while allowing metallb ExternalIPs to work on those same physical interfaces.
Currently, mode `Global` has no restrictions. And mode `Restricted` breaks ExternalIPs, NodePorts, and other features on interfaces other than br-ex.

I'm pretty sure that a solution that matches our customer requirements actually has to use iptables/nftables or some other firewall. Alternatively, VRFs could be an option.

Whatever the solution, the feature has to be revisited for our partners.