firewall: check for 'qubes-firewall' feature instead of being ProxyVM

This enable better detection whether firewall settings will really be
respected.

Fixes QubesOS/qubes-issues#2003

qubesmanager/firewall.py

@@ -383,13 +383,6 @@ class QubesFirewallRulesModel(QAbstractItemModel):
         if self.fw_changed:
             self.write_firewall_conf(self.__vm, conf)
 
-            if self.__vm.is_running():
-                vm = self.__vm.netvm
-                while vm is not None:
-                    if vm.is_proxyvm() and vm.is_running():
-                        vm.write_iptables_qubesdb_entry()
-                    vm = vm.netvm
-
     def index(self, row, column, parent=QModelIndex()):
         if not self.hasIndex(row, column, parent):
             return QModelIndex()

qubesmanager/settings.py

@@ -200,14 +200,17 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
 
     def current_tab_changed(self, idx):
         if idx == self.tabs_indices["firewall"]:
-            if self.vm.netvm is not None and not self.vm.netvm.is_proxyvm():
+            netvm = self.vm.netvm
+            if netvm is not None and \
+                    not netvm.features.check_with_template('qubes-firewall', False):
                 QMessageBox.warning(None,
                     self.tr("VM configuration problem!"),
-                    self.tr("The '{vm}' AppVM is not network connected to a "
+                    self.tr("The '{vm}' AppVM is network connected to "
-                    "FirewallVM!<p>"
+                        "'{netvm}', which does not support firewall!<br/>"
                         "You may edit the '{vm}' VM firewall rules, but these "
                         "will not take any effect until you connect it to "
-                    "a working Firewall VM.").format(vm=self.vm.name))
+                        "a working Firewall VM.").format(
+                            vm=self.vm.name, netvm=netvm.name))
 
 
     ######### basic tab