straight forward to my problem.
Actually an easy setup:
I have several PCs in my LAN (all static IPs) and I want only a few
to be able to acces the internet (WAN).
For testing only one PC should be able to do that.
I have created the following rules in my LAN rule-set:
ALLOW * LAN address * -> LAN address *
ALLOW * PC1 * -> WAN address *
DENY * LAN address * -> * *
but PC1 is NOT able to access the net.
If I change the second rule to:
ALLOW * PC1 * -> * *
everything is fine! PC1 is able to access the net.
Which I do not understand.