Yuriy A. Dmitrishin wrote:
Looks like it's my mistake.This rule doesn't work when I connecting from my LAN, but only from ext. network.
Ah, then it's working properly. From ext network; VNC should be run inside a tunnel since VNC sessions are not encrypted. VNC passwords are sent as plain text.
