NEWNOTSYN means that IPFire has received a packet that could not be assigned to a connection. The most common reason is that the other peer has already closed it. Are you sure that the other peer has accepted the connection?
I am not sure if the other peer accepted the connection.
This morning I just made other tests from another laptop and everything is working.
Yesterday evening, I created a firewall rule: Green -> allow 192.168.10.0/24 to 172.21.42.0/24
But from the first laptop it was not working.
This morning from a new one, it works.
For testing purposes I deleted the rule, and from the new laptop: nothing, no connection to the remote web server, but ICMP is OK!
I just enabled the rule again and tested from another web browser, and everything worked again a few seconds later.
It’s quite difficult for me to understand this behavior.
First question should be: do I need to create a rule to allow traffic from the LAN to this remote network?
In the default profile traffic from green to green is blocked so you need a rule to allow it.
ICMP is always allowed because it is also needed to get error messages like port not reachable or MTU error reports, so there is a default rule that allows all ICMP traffic. (Only ICMP redirects are ignored by the kernel for security reasons.)
No. If you click on apply changes, it will be loaded into iptables. But if you add a rule that blocks something, it will not cut already established TCP connections.
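
The two behaviours described in this thread (NEWNOTSYN for a packet that belongs to no tracked connection, and established connections surviving a rule change), as an added example that is not part of the original posts: a simplified Python model of a stateful filter, not IPFire's actual rule set. The class, its methods and the verdict strings are hypothetical, the host addresses are constructed from the two networks named above, and a tracked flow is dropped from the table on the first FIN or RST, whereas real connection tracking keeps it for a timeout.

```python
import ipaddress

class StatefulFilter:
    """Toy stateful filter: connection tracking is consulted before the rules."""
    def __init__(self):
        self.rules = []         # (src_net, dst_net) allow rules
        self.conntrack = set()  # flows currently tracked

    def allow(self, src_net, dst_net):
        self.rules.append((ipaddress.ip_network(src_net),
                           ipaddress.ip_network(dst_net)))

    def delete_rules(self):
        self.rules.clear()      # tracked connections are left untouched

    def handle(self, src, sport, dst, dport, flags):
        flow, reply = (src, sport, dst, dport), (dst, dport, src, sport)
        tracked = next((f for f in (flow, reply) if f in self.conntrack), None)
        if tracked:
            # Known connection: accepted without looking at the rules.
            if flags & {"FIN", "RST"}:
                self.conntrack.discard(tracked)  # simplification: no timeout
            return "ACCEPT_ESTABLISHED"
        if flags != {"SYN"}:
            # No tracked connection and not a clean SYN: nothing to assign it to.
            return "NEWNOTSYN"
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if any(s in sn and d in dn for sn, dn in self.rules):
            self.conntrack.add(flow)
            return "ACCEPT_NEW"
        return "DROP_NO_RULE"

def demo():
    fw = StatefulFilter()
    fw.allow("192.168.10.0/24", "172.21.42.0/24")
    a = ("192.168.10.5", 40000, "172.21.42.10", 80)   # constructed hosts
    b = ("192.168.10.6", 40001, "172.21.42.10", 80)
    out = [fw.handle(*a, {"SYN"})]            # rule matches, flow is tracked
    fw.delete_rules()
    out.append(fw.handle(*a, {"ACK"}))        # still passes: already established
    out.append(fw.handle(*b, {"SYN"}))        # new connection, no rule any more
    out.append(fw.handle("172.21.42.10", 80, "192.168.10.5", 40000,
                         {"FIN", "ACK"}))     # peer closes the connection
    out.append(fw.handle(*a, {"ACK"}))        # late packet after the close
    return out

if __name__ == "__main__":
    print(demo())
```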