> ruleset_create_chain($ruleset, "PVEFW-FORWARD"); > + #bypass firewall for non firewalled bridge > + ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT"); > + This does not work, because it accepts traffic from venet0!