Did you apply the rule manually using a ssh console or did you reboot the router ? Could you check that the rule is present in the running table with "iptables -n -L | grep 10.77.20.3" in a console ?
There is no easy way to flush the nf_conntrack tables, the conntrack utility cannot be installed so this 10.77.20.3->8.209.78.241 can be a remnant of the state before adding the rule and only a reboot can clear it.