Thanks for your answer,
now i see the connection on the connection list. The firewall rules works, but i got troubels with limitating the ports.
Especually i try to limt the port that only port 80 is allowed it fails.
Here the logs with only tcp allowed any port:
20:51:12 firewall,info forward: in:bridge-vlan800(eth6-vlan800) out:bridge-vlan800(ether8), src-mac 00:0c:29:1c:4c:71, proto TCP (SYN), 172.19.102.253:49889->172.19.102.2:80, len 52
20:51:12 firewall,info forward: in:bridge-vlan800(ether8) out:bridge-vlan800(eth6-vlan800), src-mac 00:90:e8:1d:68:2e, proto TCP (SYN,ACK), 172.19.102.2:80->172.19.102.253:49889, len 48
20:51:12 firewall,info forward: in:bridge-vlan800(eth6-vlan800) out:bridge-vlan800(ether8), src-mac 00:0c:29:1c:4c:71, proto TCP (ACK), 172.19.102.253:49889->172.19.102.2:80, len 40
if i select only port 80 as destination port this happens and it doesn't work:
20:54:08 firewall,info forward: in:bridge-vlan800(eth6-vlan800) out:bridge-vlan800(ether8), src-mac 00:0c:29:1c:4c:71, proto TCP (SYN), 172.19.102.253:49892->172.19.102.2:80, len 52
20:54:11 firewall,info forward: in:bridge-vlan800(eth6-vlan800) out:bridge-vlan800(ether8), src-mac 00:0c:29:1c:4c:71, proto TCP (SYN), 172.19.102.253:49892->172.19.102.2:80, len 52
20:54:17 firewall,info forward: in:bridge-vlan800(eth6-vlan800) out:bridge-vlan800(ether8), src-mac 00:0c:29:1c:4c:71, proto TCP (SYN), 172.19.102.253:49892->172.19.102.2:80, len 48
Any idea how to fix that?