Apply outbound restriction in exam_mode on macvtap interfaces too

roles/lmn_exam/tasks/main.yml

@@ -72,6 +72,16 @@
     - exam_destination_allowed_ipv4 is defined
     - exam_destination_allowed_ipv4 | length > 0
 
+- name: Install no-way-out nf-table for macvtap device
+  ansible.builtin.template:
+    src: no-way-out-nftable.j2
+    dest: "/usr/local/sbin/no-way-out-nftable"
+    mode: '0755'
+  when:
+    - exam_destination_allowed_ipv4 is defined
+    - exam_destination_allowed_ipv4 | length > 0
+    - vm_support is defined and vm_support
+
 - name: Enable login script via pam_exec.so
   ansible.builtin.lineinfile:
     dest: /etc/pam.d/common-session