I’m trying to set up 2 firewall rules that use the same expression. I want to add a Bypass to avoid certain IPs hitting our rate limits, and then explicitly Allow that same set of IPs so they don’t get processed by subsequent firewall rules.
The expression is pretty simple - it is just
(ip.src in $my_ip_list)
However the issue is that I cannot have 2 firewall rules that use the same expression. I just hit the “config duplicates an already existing config (Code: 10102)” error. This means that instead of just Allowing my IP list, I have to explicitly exclude it from any subsequent firewall rules that might Block or issue a Challenge, which seems pretty clumsy.
Is there a way to do both a Bypass and Allow in the same rule, or to broaden the duplicate config check so it takes into account the Action on the rule?