I'm confused about services enabled in a zone because the docs suggest that it allows that service on destinations in the zone to be accessed from sources outside the zone, but then I've seen some places on blogs and forums that suggest that the enabled services for the zone affect outbound connections from sources in the zone. Is it controlling inbound, outbound, or both?
I have an http server in zone1, and I want to allow any source in zone2 to connect to it (but not vice versa). How do I do that? I tried setting a "rich rule" for zone1, but I couldn't figure out how to use zone2 as the source in a rule. Is that not possible?