> > except > > vnet0->host > host->vnet0 > > I have blocked traffic at vnet0 level, even if I have an accept rule in vnet0... > this is strange. (I need to do more tests) > > does it work for you ? Yes, work here. You also need to have an accept rule for the host side. Does it help if you stop/start the firewall?