The network device is specified with all IP-filtering rules. This means that you have to define separate rules for each service if the specified hosts for the definition will be connected with different devices.
Example: You want to telnet from the firewall to the internet (device ppp0 / outgoing) and to the internal network (device eth0 / outgoing). Thus you have to setup two definitions for telnet, each for every network interface. Additionally you want to connect the firewall from the $ADMIN hosts:
telnet - $any - Outgoing
telnet - $internal - Outgoing
telnet - $ADMIN - Incoming