I'm trying to setup a Internet only Policy for wired ports.  I've created permit role and added deny destination rules for our local networks.  I've also added allow rules for dns, dhcp, etc.   It looks like rule precedence is tripping me up as the denys are before the permits so everthing is blocked locally.  Is there a way to make rules have different precedence or a diffrent way to do this.
