I found out, that when I have a firewall rule that droppes everything (in forward mode) from a specific source to an specific outside interface (both check to be the right ones) does gives hits but does not drop (it seems) any traffic at all
As soon as I add to the rule a protocol, it droppes the traffic for that protocol.
Does anyone know how this is possible and to make sure I can block all traffic instead of making rules for every protocol there is?