restrict network rules type to operand network

gustavo-iniguez-goya · gustavo-iniguez-goya · commit 3040507e7bc3 · 2026-02-07T12:19:26.000+01:00
Restrict the use of network type to network operand:

  "operator": {
    "type": "network",
    "operand": "dest.network",
    "sensitive": false,
    "data": "LAN",
    "list": []
  }
diff --git a/daemon/rule/operator.go b/daemon/rule/operator.go
@@ -163,6 +163,9 @@ func (o *Operator) Compile() error {
 	} else if o.Type == List {
 		o.Operand = OpList
 	} else if o.Type == Network {
+		if o.Operand != OpDstNetwork {
+			return fmt.Errorf("operand %s is only allowed with type %s", Network, OpDstNetwork)
+		}
 		if err := o.compileNetwork(); err != nil {
 			return err
 		}
