Firewall rule exception for VPN subnets

NethServer Version: 7.9.2009
Module: shorewall
Hi everyone,
I’m a jr. IT making my first steps in the NethServer system.
First post here, so if I made any mistake forum/community related, please tell me.
I’ve got a NethServer with the basic firewall and VPN module installed, where I configured an OVPN server tunnel and an OVPN roadwarrior server. I’ve been asked to let a specific roadwarrior client communicate with the OVPN tunnel subnet (routed) but allowing only connections to a certain port. I’ve allowed traffic between VPNs and I created the static routes needed for the communication above, and everything worked fine. Then I made the firewall rule to drop the traffic from that VPN user IP, but I couldn’t understand how to create the exception. From the Rule tab of the GUI I can only create rules based on well-known services and ports. I thought the solution was maybe related to local rules and services and I took a look at the NethServer docs, but I got stuck anyway.
Can someone direct me to the solution or point out if I’m missing something?
Thanks in advance

IMVHO you should create two rules.
The first one, which allows traffic from the right source to the right destination (and… even port/s if necessary).
The second one, which denies traffic from the right source to the rest of the destination, if necessary.

Rules are processed sequentially. When traffic matches one of them, the decision is taken and the evaluation of another packet is carried on.
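
The ordering described in this reply, modelled as an added example (not from the thread and not NethServer or Shorewall code): a first-match evaluator plus a check for rules that an earlier rule makes unreachable. The client address 10.8.0.10, the tunnel subnet 10.9.0.0/24, TCP port 8443 and the ACCEPT default between VPNs are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "ACCEPT" or "DROP"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

def matches(rule, src, dst, proto, dport):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in (None, proto)
            and rule.dport in (None, dport))

def evaluate(rules, src, dst, proto, dport, default="ACCEPT"):
    """First match wins. Returns (action, rule index); index is None for the default policy."""
    for i, rule in enumerate(rules):
        if matches(rule, src, dst, proto, dport):
            return rule.action, i
    return default, None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers all their traffic."""
    dead = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (ipaddress.ip_network(r.src).subnet_of(ipaddress.ip_network(e.src))
                    and ipaddress.ip_network(r.dst).subnet_of(ipaddress.ip_network(e.dst))
                    and e.proto in (None, r.proto)
                    and e.dport in (None, r.dport)):
                dead.append(i)
                break
    return dead

# Constructed sample values (assumptions, not taken from the thread).
CLIENT = "10.8.0.10/32"   # the restricted roadwarrior client
TUNNEL = "10.9.0.0/24"    # the routed OVPN tunnel subnet
GOOD = [Rule("ACCEPT", CLIENT, TUNNEL, "tcp", 8443),  # exception first
        Rule("DROP", CLIENT, TUNNEL)]                 # then drop the rest
BAD = list(reversed(GOOD))                            # drop first hides the exception

if __name__ == "__main__":
    for name, rules in (("exception first", GOOD), ("drop first", BAD)):
        print(name, evaluate(rules, "10.8.0.10", "10.9.0.5", "tcp", 8443),
              "unreachable rules:", shadowed(rules))
```
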

Hi and thanks Pike,
that’s what I intended to do.
I understand that I’ve been much too vague about the nature of my problem.
I’m working from the GUI, and the Rule page lets me create only rules using system default services and ports, while I need a custom one.
Sorry, I will update the original post accordingly.