In the scenario described by @motility, if someone sets sys-net as a disposable template, creates a new disposable VM based on that template, and then routes sys-firewall through this disposable VM, what potential issues or risks could arise?
If there’s a risk that sys-net has contaminated through use, would it be safer to create a new, standard sys-net following @solene’s recent guide and then convert that into a disposable template?