Restrict outbound traffic in exam-mode

roles/lmn_exam/templates/no-way-out.xml.j2

@@ -0,0 +1,10 @@
+<policy target="REJECT">
+{% for address in exam_destination_allowed_ipv4 %}
+<rule family="ipv4">
+<destination address="{{ address }}"/>
+<accept/>
+</rule>
+{% endfor %}
+<ingress-zone name="{{ item }}"/>
+<egress-zone name="ANY"/>
+</policy>