
Calico GlobalNetworkPolicy in kubernetes not working as expected


I want to implement a simple global network policy using Calico. This policy should do the following things:

  1. Allow all Ingress across the cluster (i.e. No inbound restrictions on any POD)
  2. Allow all egress from every pod to any destinations (internal and external) except to destination IPs ["1.1.1.1", "2.2.2.2"]

Below is the YAML I am using, but after applying this YAML, all my outbound access is blocked to any IPs

     apiVersion: projectcalico.org/v3
     kind: GlobalNetworkPolicy
     metadata:
       name: global-deny-gnp
     spec:
       order: 100
       namespaceSelector: ""
       types:
         - Egress
       egress:
         - action: Deny
           protocol: TCP
           destination:
             nets: ["1.1.1.1", "2.2.2.2"]

Need help !!!


Solution

  • You could try this policy:

     apiVersion: projectcalico.org/v3
     kind: GlobalNetworkPolicy
     metadata:
       name: global-deny-gnp
     spec:
       order: 100
       namespaceSelector: ""
       types:
         - Egress
       egress:
         - action: Deny
           protocol: TCP
           destination:
             nets: ["1.1.1.1", "2.2.2.2"]
         - action: Allow


    The reason I added the extra action is because of this: If one or more network policies apply to a pod containing egress rules, then only the egress traffic specifically allowed by those policies is allowed.

    Because you haven't added any allow rules, but you have added an egress deny policy, all traffic is denied by default. Adding the allow after the deny means anything that isn't denied by your first rule will be passed to the second rule. You could try an allow notNets, or use selectors, as an entity rule.
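The following is an added example, not the YAML posted by the asker or the answerer. It writes the same two-rule pattern (deny first, explicit allow second) with two assumptions the thread leaves open: the blocked addresses are given as `/32` CIDRs, since `nets` is documented as a list of CIDRs, and the deny rule omits `protocol` so that it covers all protocols rather than only TCP, which matches the question's goal of blocking "any destination" on those IPs. No `selector` or `namespaceSelector` is set; for a Calico GlobalNetworkPolicy that means the policy applies to all endpoints.

```yaml
# Added example (not the asker's or answerer's YAML). Assumptions: the two
# blocked addresses are written as /32 CIDRs, the deny covers every protocol
# (no "protocol" field), and no selector is set, which in Calico means the
# policy applies to all endpoints in the cluster.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: global-egress-blocklist
spec:
  order: 100          # lower order values are evaluated before higher ones
  types:
    - Egress          # Ingress is not listed, so inbound traffic is untouched
  egress:
    # Rule 1: rules are matched first-hit, so the deny must precede the allow.
    - action: Deny
      destination:
        nets:
          - 1.1.1.1/32
          - 2.2.2.2/32
    # Rule 2: explicit allow for everything else. Without it, the mere presence
    # of an egress policy leaves every matched pod default-deny for outbound.
    - action: Allow
```

Apply it with `calicoctl apply -f <file>` and read it back with `calicoctl get globalnetworkpolicy global-egress-blocklist -o yaml` to confirm the two rules are stored in that order; if a pod should be exempt from the blocklist, a separate policy with a lower `order` and an `Allow` rule for that pod's selector is evaluated first.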