I'd like to see a management only interface (a la pix) in the next release please :)
Any particular reason?
I'd be interested in your reasoning behind this.
This should be doable manually. Just use a new interface, allow only management traffic to pfSense via rules on the interface. Then disable the anti-lockout rules on the LAN and make sure (explicitly block, even) that no LAN or other interface traffic can access the management webserver or SSH ports on the pfSense box. Tada, a management interface! Although there are certainly a lot of other cool wizards/checkboxes that take care of multiple settings like this in one place…not saying a feature like that wouldn't be cool, but it's not quite a requirement to get the job done if you want it set up that way.
To add something to you comment:
Just create two aliases:
One Alias with all the pfsense interfaces IPs (if you have different VLANs) and the one alias for the ports (like 22, 80, 443) for accessing pfsense webGUI.
The you only have to create one block rule on top with destination IPs-Alias and Destination Ports-Alias. Thats all.