How to restrict some IPs with port forwarding

I have a self hosting server behind my Firewalla. My understanding is that rules should be used by denying everything and then allowing some things. At least that’s what I believe the priorities go when the rules are processed. I have a default block rule from traffic from internet to all devices. I have a port forwarding rule for traffic from internet to local port 443 on my server. So far so good. I’m trying to set a block rule matching a target list to all devices (I want to block incoming traffic from some specific IPs) but this doesn’t seem to do anything. The IPs on the list are still able to access the server which I’m guessing is because of the port forwarding rule taking precedence over any block. Port forwarding can be whitelisted so a target list but it doesn’t seem to be able to be black listed in any way. Is it possible to block a given target list from my server without breaking the rest of the port forwarding rule.