From 4eeb2d8debcb7c6e2c88f9c8fbc94958f8a9f836 Mon Sep 17 00:00:00 2001
From: Vlad <4941176+crn4@users.noreply.github.com>
Date: Mon, 17 Nov 2025 18:20:30 +0100
Subject: [PATCH] [management] added exception on not appending route firewall rules if we have all wildcard (#4801)

---
 management/server/types/networkmapbuilder.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/management/server/types/networkmapbuilder.go b/management/server/types/networkmapbuilder.go
index 41aaa7fc8..6361e2e93 100644
--- a/management/server/types/networkmapbuilder.go
+++ b/management/server/types/networkmapbuilder.go
@@ -22,10 +22,11 @@ import (
 )
 
 const (
- allPeers = "0.0.0.0"
- fw = "fw:"
- rfw = "route-fw:"
- nr = "network-resource-"
+ allPeers = "0.0.0.0"
+ allWildcard = "0.0.0.0/0"
+ v6AllWildcard = "::/0"
+ fw = "fw:"
+ rfw = "route-fw:"
 )
 
 type NetworkMapCache struct {
@@ -1640,6 +1641,10 @@ func (b *NetworkMapBuilder) updateRouteFirewallRules(routesView *PeerRoutesView,
 }
 
 if string(rule.RouteID) == update.RuleID {
+ if hasWildcard := slices.Contains(rule.SourceRanges, allWildcard) || slices.Contains(rule.SourceRanges, v6AllWildcard); hasWildcard {
+ break
+ }
+
 sourceIP := update.AddSourceIP
 
 if strings.Contains(sourceIP, ":") {
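Review bot: The const block now holds two near-identical literals, `allPeers = "0.0.0.0"` and `allWildcard = "0.0.0.0/0"`, with no comment saying which is the peer sentinel and which is a CIDR. A short comment above the new pair would keep them from being swapped, e.g. `// allWildcard and v6AllWildcard are the any-source CIDRs matched against a route rule's SourceRanges`. The hunk also removes `nr`, which the commit subject does not mention; presumably it was unused, but that cannot be confirmed from the lines shown.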
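Review bot: The wildcard test added in updateRouteFirewallRules is an exact string match, so a rule counts as any-source only when SourceRanges holds precisely `0.0.0.0/0` or `::/0`. Whether ranges are normalised to that spelling before they reach this code is not visible in the hunk; if they are not, an effectively wildcard rule would fall through and still get the peer source appended. Either compare on the parsed prefix (a zero-length prefix, e.g. via `netip.ParsePrefix` and `Bits() == 0`) or state the assumption in a comment such as `// SourceRanges are stored in canonical CIDR form`. The `break` also leaves the enclosing statement, which starts outside the hunk and is presumably the loop over rules. If several rules can share one RouteID, `continue` may be what is intended, so the remaining rules for that route are still visited.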