Hi,
presumed that you use something like asymmetric routing, your issue might be caused by Reverse Path Filtering (RPF) in Core Update 168 being tightened, so any network packet arriving on an interface where IPFire would have not routed replies back to will be dropped.
To validate this: What happens after you run these two commands on your IPFire machine?
sysctl net.ipv4.conf.default.rp_filter=2
sysctl net.ipv4.conf.all.rp_filter=2
They should become effective immediately, no reboot required or anything. Does this change anything to the behaviour you observe?
Thanks, and best regards,
Peter Müller