Hi Rushi
I tried as you suggested and now the dns resolver is working due the source-port 53 allowed.
However, any another port the server from IP 172.16.100.10 try to connect to outside network (e.g. Internet) the access is denied, like port 443. Allowing the source-port 443 should solve, but this way, I should modify the filter always when the server from IP 172.16.100.10 need access a different port to outside which it wasn't allowed.
I would just like to filter the input access allowing specific ports from input and allowing everything to output, like in a stateful firewall model, but as you said before: "One important thing to remember is 'firewall filter is per packet filter'."
Thank you
Regards
Robson