Why is the rule #1 not taking effect?

VLAN 10 is my management/admin VLAN so I need for the clients in that VLAN to communicate with all of my other VLANs.

The deny rules (#5, #13, and #19) are the ones blocking all access from VLANs 20, 30, and 40 to VLAN 10 (my management/admin VLAN).

I tried pinging from VLANs 20, 30, and 40 to any client in my VLAN 10. I cannot ping any client. I cannot even ping VLAN 10's gateway, which is what I want to happen.

But why is rule #1 not taking effect?

I tried to ping from my server in VLAN 10 to any of the clients in my VLANs 20, 30, and 40. I cannot ping them. I cannot even ping their gateways (10.0.20.1, 10.0.30.1, and 10.0.40.1).

This is in Switch ACL, by the way.

I also tried to put these in Gateway ACL:

- allow VLAN 10 -> VLAN 20, 30, 40

- deny VLAN 20, 30, 40 -> VLAN 10

But as soon as I enable the deny rule, the clients are being kicked out.