Hello everyone!
I was wondering, i have GRE tunnels with IPSEC and they are working fine, but is there a way to restrict traffic from site A to site B or the other way around?
I tried that with some basic drop forward rules from SRC address but it doesn’t work like that, as in the traffic stops working 
Any help is appreciated!
Thank you all for the delegated time. =)
Except rare use cases, packet communications are bi-directional, so normally the packets must flow from A to B and from B to A.
But a stateful firewall normally does exactly what you want - the whole connection (TCP session etc.) is accepted or not by rules handling its very first packet. So if the very first packet from the (“initiator” or “client”) to the “responder” (or “server”) is accepted, the rest of the packets of that connection are accepted too; if the very first packet is dropped/rejected, the connection doesn’t establish as the responder never receives the request from the initiator. So if the rules for the initial packets accept any packet from A to B and drop any packet from B to A, your goal will be reached.