Also, I strongly discourage the use of the wildcard destination in ‘Allow’ rules. Are you aware that hosts from the ‘VLAN25’ network can access all ports on the firewall itself, for example? They can also access all other networks connected to the firewall except the ‘LAN’ network (since you explicitly blocked that). This includes VPNs, if there are any.
That is probably not what you want. Likely you want to allow access to the internet only, as well as select local networks. It is far more secure to specifically allow the destinations you actually want hosts to be able to connect to rather than to block individual destinations and allow all others. I already explained how to do this here:
https://staging-forum.lawrencesystems.com/t/how-to-block-all-inter-vlan-communication-in-pfsense/11064/6?u=paolo
I personally build my rules without ever using a single block rule.
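The difference between the two rule styles discussed in the post above, as an added example that is not part of the original post: a small first-match evaluator with an implicit default deny, run against a block-list ruleset and an allow-list ruleset. All addresses, the DNS pass rule and the inverted private-networks rule are constructed assumptions, not the poster's configuration.

```python
import ipaddress as ip

# Constructed sample addressing (assumptions, not taken from the post).
LAN = "192.168.1.0/24"
FIREWALL = "192.168.25.1"          # firewall's own address on VLAN25
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
ANY = ["0.0.0.0/0"]

def matches(rule, dst, port):
    """True if dst/port fall inside the rule's destination (optionally inverted)."""
    hit = any(ip.ip_address(dst) in ip.ip_network(n) for n in rule["dst"])
    if rule.get("invert"):
        hit = not hit
    return hit and rule.get("port") in (None, port)

def evaluate(rules, dst, port):
    """First match wins; no match falls through to the implicit default deny."""
    for rule in rules:
        if matches(rule, dst, port):
            return rule["action"]
    return "block"

# Style 1: block one network, then allow the wildcard destination.
BLOCK_LIST = [
    {"action": "block", "dst": [LAN]},
    {"action": "pass", "dst": ANY},
]
# Style 2: pass rules only; everything else hits the default deny.
ALLOW_LIST = [
    {"action": "pass", "dst": [FIREWALL + "/32"], "port": 53},   # DNS on the firewall
    {"action": "pass", "dst": PRIVATE, "invert": True},          # internet only
]

# Constructed probes from a VLAN25 host: (destination, port).
PROBES = {
    "LAN host": ("192.168.1.10", 445),
    "firewall web GUI": (FIREWALL, 443),
    "firewall DNS": (FIREWALL, 53),
    "VPN host": ("10.8.0.5", 22),
    "internet": ("203.0.113.10", 443),
}

def reachable(rules):
    """Names of the probes that the ruleset passes."""
    return {n for n, (dst, port) in PROBES.items() if evaluate(rules, dst, port) == "pass"}

if __name__ == "__main__":
    print("block-list:", sorted(reachable(BLOCK_LIST)))
    print("allow-list:", sorted(reachable(ALLOW_LIST)))
```
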