The firewall rule generation only uses and or statements so some rules have to be split because there isn’t any way to combine them with and or statements.
Example:
- Exclusion Rule: Allow SNI <service/update domain such as cloudflare.com>
- Block Rule: Block Source or Destination IP geolocation is
If I enable this and tries to connect from a source destination included in the block, the Allow rule gets ignored and the connection gets blocked anyway.