Plz Explain "And" / "Or" Firewall Rule


#1

Can someone plz tell me when to use “And” and when to use “Or” when creating firewall rules.

For example, if i create a rule saying if country does not equal USA “And” UK then challenge this works correctly.

But if i say USA “Or” UK, then i get challenged from UK which i shouldn’t.

So i’m very confused when “And” / “Or” should be used!


#2

If you are using more than one country code for the same condition, you’d better use “is not in” instead of “does not equal”. So resulting expression would be:

(not ip.geoip.country in {"US" "GB"})

which would apply the chosen action to anyone coming from any country except United States and United Kingdom.