only add VM chains if VM firewall is enabled
Before if a NIC had the firewall enabled and the MAC filter was active,
a rule was added to the tap device even if the VM firewall was not
enabled. This led to nested machines not being able to reach outside.
Testcase: Host <-> VM <-> CT all on the same bridge. Host and CT could
not reach each other because of the MAC filter.
Now we check if the VM firewall is enabled and only add the MAC and
IP filters then.
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
(cherry picked from commit
033a15b372734fcfb390c3b747f67bfa4643dabd)
projects / pve-firewall.git / commit