I'm not sure if it's a lack of functionality or understanding, but your internal firewall rules don't quite work properly.
Example:
I've allowed my public work IP address inbound to the SSH daemon, which works fine, port 22. I then created a rule BENEATH this one that denies access from everyone to SSH...this should then allow my work IP to connect, but deny everyone else. It appears your rule set does not work this way. Once I add this deny, it seems to randomly deny all the traffic to that service/port. I had it working for a while, but then it stopped working...then it worked...etc.
Is there some sort of bug preventing it from reading the firewall rules in order, because it seems that in this case, it's hitting the deny rule before it should be.
Example:
I've allowed my public work IP address inbound to the SSH daemon, which works fine, port 22. I then created a rule BENEATH this one that denies access from everyone to SSH...this should then allow my work IP to connect, but deny everyone else. It appears your rule set does not work this way. Once I add this deny, it seems to randomly deny all the traffic to that service/port. I had it working for a while, but then it stopped working...then it worked...etc.
Is there some sort of bug preventing it from reading the firewall rules in order, because it seems that in this case, it's hitting the deny rule before it should be.