I think I may be misunderstanding the firewall rules on the 3910.

I have two ports that I wish to remain open, by way of example, lets say port 4000 & 5010 (not the real ports)

I set up a firewall rule allowing both these ports to "pass" these ports from any IP address to the correct destination.   Lets say rule 4 & 5.

I then set up a new rule to "BLOCK" all traffic from the WAN to internal destinations.  Rule 10.

Now I thought the "PASS" rule would allow the traffic on ports 4000 & 5010 as defined in rule 4 & 5, but noticed that rule 10, effectively a block all rule was blocking traffic to port 4000 & 5010,

I always thought that Firewall rules were executed in order. so rule 4&5 would be passed and everything else blocked. 

Did I misunderstand?