You might can try to switch an to incoming rule. If I understand
correctly you should be able to ping the LAN interface with that rule
but that's about it. Is that what you are trying to do? What is the
actual destination you are trying to permit the source addresses to?
If you are using a "permit list of ip's, then deny all" type of ruleset
you can always switch to a "deny list of ip's, then permit all"