> ruleset_create_chain($ruleset, "PVEFW-FORWARD"); > + #bypass firewall for non firewalled bridge > + ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT"); > + wouldn't it be better to use RETURN to minimize impact on existing rules?