Forum Discussion
MasterPhil
Apr 14, 2019 (Tutor)
M4300 VLAN ACL
Hello,
I'm going to configure some VLANs on an M4300. Our network will be designed as spine-leaf. While the M4300 is routing the VLANs, the S3300 models are for connecting the clients to the network.
Now I configured the following VLANs on all Switches - Inter VLAN Routing is working.
VLAN 10: Management
Network: 172.16.10.0/24
VLAN 20: Server
Network: 172.16.20.0/24
VLAN 30: Clients 1
Network: 172.16.30.0/24
VLAN 40: Clients 2
Network: 172.16.40.0/24
VLAN 50: Guest
Network: 172.16.50.0/24
I want to separate the VLANs with ACLs, so I have to configure them on our Layer 3 switch. I created on the M4300 an IP ACL with some extended ACL rules. For testing I wanted to stop the guests from connecting to other VLANs, but allow the Management VLAN to connect to the guests. So I want to separate one direction. When setting the following ACL, traffic is separated in both directions. How can I get it working in only one direction?
ACL has following settings:
IP ACL e. g. 110
IP Extended ACL:
Rule 1 Deny | Match Every False | Src 172.16.50.0 0.0.0.255 | Dst 172.16.10.0 0.0.0.255
Rule 2 Deny | Match Every False | Src 172.16.50.0 0.0.0.255 | Dst 172.16.20.0 0.0.0.255
Rule 3 Deny | Match Every False | Src 172.16.50.0 0.0.0.255 | Dst 172.16.30.0 0.0.0.255
Rule 4 Deny | Match Every False | Src 172.16.50.0 0.0.0.255 | Dst 172.16.40.0 0.0.0.255
Rule 5 Permit | Match Every True
I bound this ACL to VLAN 50:
VLAN ID 50 | Direction InBound | Sequence 1 | ACP Type IP ACL | ACL ID e. g. 110
I'm understanding the rules such that traffic from the defined source (VLAN 50) will be blocked to the destination (all other VLANs). But in my case, the traffic is blocked both ways.
This is the only ACL I created (to separate guests in ONE WAY).
What's my failure? Can you give me some screenshots of how I have to set the rules correctly?
2 Replies
- DaneA (NETGEAR Employee Retired):
  Hi MasterPhil, I inquired your concern to the higher tier of NETGEAR Support and got feedback today. As per the higher tier of NETGEAR Support, you can use extended ACLs with TCP Flag. As a reference guide, kindly read pages 172-186 of the M4300 user manual here on how to configure it. Regards, DaneA NETGEAR Community Team
- Thank you, but it did not work for us. We have the same problem as the guy in this case:
  https://community.netgear.com/t5/Managed-Switches/M5300-oneway-VLAN-Routing/td-p/1673558
  We do not want to bind to ports but to VLANs. We have a dozen switches and VLANs routed via a stack of M4300. So there are only VLAN trunks to all edge switches.
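To make the one-way problem concrete, here is a small Python model (added here, not code from the thread or from NETGEAR) of a stateless extended ACL like the one bound inbound on VLAN 50, evaluated against constructed packets. It shows why the posted rules also break sessions that Management opens (the guest's reply segments are guest-sourced and hit the deny rules) and what DaneA's TCP-flag suggestion changes when an ACK-matching permit is placed before them. The rule layout, the flag names and the sample addresses are the model's own assumptions, not M4300 syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, FrozenSet

# Constructed model of a stateless IP extended ACL (not M4300 syntax).
# Source/destination use wildcard masks as in the post, e.g. "172.16.50.0 0.0.0.255".

@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    src: Optional[str] = None         # None = match every source
    dst: Optional[str] = None         # None = match every destination
    flags: FrozenSet[str] = frozenset()  # TCP flags that must be set; empty = any packet

def _match_net(spec, addr):
    """Wildcard match: mask bits set to 1 are 'don't care' bits."""
    if spec is None:
        return True
    net, wild = spec.split()
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(net)) & care) == (int(ipaddress.IPv4Address(addr)) & care)

def evaluate(acl, src, dst, flags=frozenset()):
    """First matching rule wins; anything unmatched falls to an implicit deny."""
    for r in acl:
        if _match_net(r.src, src) and _match_net(r.dst, dst) and r.flags <= flags:
            return r.action
    return "deny"

GUEST = "172.16.50.0 0.0.0.255"
OTHERS = ["172.16.10.0 0.0.0.255", "172.16.20.0 0.0.0.255",
          "172.16.30.0 0.0.0.255", "172.16.40.0 0.0.0.255"]

# The ACL from the post: deny guest -> each other VLAN, then permit everything (Rule 5).
original_acl = [Rule("deny", GUEST, d) for d in OTHERS] + [Rule("permit")]

# Same ACL with one rule in front: permit guest-sourced TCP segments that carry ACK,
# i.e. replies inside sessions another VLAN opened (a stateless "established" rule).
# Caveat: this trusts the ACK bit and covers only TCP, so it only approximates one-way access.
established_acl = [Rule("permit", GUEST, None, frozenset({"ACK"}))] + original_acl

def session_from_mgmt(acl):
    """Management host 172.16.10.5 opens a connection to guest 172.16.50.25 (constructed).
    Its SYN enters on VLAN 10, so the VLAN 50 inbound ACL never sees it; the guest's SYN/ACK reply does."""
    return evaluate(acl, "172.16.50.25", "172.16.10.5", frozenset({"SYN", "ACK"}))

def session_from_guest(acl):
    """Guest 172.16.50.25 opens a connection toward Management: its SYN arrives inbound on VLAN 50."""
    return evaluate(acl, "172.16.50.25", "172.16.10.5", frozenset({"SYN"}))
```

With the posted ACL, `session_from_mgmt` returns "deny" because the guest's reply matches Rule 1; with the ACK-permit placed first it returns "permit" while a guest-initiated SYN is still denied.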